InfoSec News Nuggets 5/21/2024

FBI takes control of notorious BreachForums cybercrime website BreachForums, one of the most popular clearnet forums for sharing stolen data, malware, and other warez, is thought to have been shutdown by the Federal Bureau of Investigation (FBI), with its backend seized, and one of its key operators allegedly arrested. As reported by BleepingComputer, clearnet (publicly accessible internet) domains belonging to BreachForums were, as of Wednesday evening, displaying the usual message from the FBI, stating the…
Read More

InfoSec News Nuggets 3/25/2024

Senators push to declassify TikTok briefings Democratic Senator Richard Blumenthal and Republican Senator Marsha Blackburn are calling for TikTok briefings to be declassified so the government can “better educate the public on the need for urgent action.” The briefings come as support grows for a forced sale of TikTok due to national security concerns around ByteDance, the Chinese company that owns the app. “We are deeply troubled by the information and concerns raised by the intelligence community…
Read More

InfoSec News Nuggets 10/23/2023

Casio discloses data breach impacting customers in 149 countries Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform. Casio detected the incident on Wednesday, October 11, following the failure of a ClassPad database within the company's development environment. Evidence suggests that the attacker accessed customers' personal information a day later, on October 12. The exposed data includes customer names, email…
Read More

InfoSec News Nuggets 05/30/2023

Emby shuts down user media servers hacked in recent attack  Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration. "We have detected a malicious plugin on your system which has probably been installed without your knowledge. [..] For your safety we have shutdown your Emby Server as a precautionary measure," the company informed users of affected servers in…
Read More

AboutDFIR Site Content Update 02/25/23

Tools & Artifacts - Windows - new entries added - Bitdefender, BoxDrive, F-Secure, and OpenVPN Tools & Artifacts - Android - new entry added - GroupMe Jobs - old entries cleaned up, new entries added - Cisco, North American Electric Reliability Corporation (NERC), Deepwatch, Nature's Way, Affinity Federal Credit Union, Sophos, Warner Bros, United Airlines, JP Morgan Chase & Co, American Electric Power, Jackson, and Newell AboutDFIR stickers are still a thing! If you're interested in…
Read More

AboutDFIR Site Content Update 01/15/23

Tools & Artifacts - Windows - new entries added - Program Compatibility Assistant, Security:4624 (Win11), and Notepad++ Tools & Artifacts - iOS- new entries added - Apple Watch Data and Continuity/Cellular Relay Tools & Artifacts - Android - new entry added - TikTok Annual Industry Reports - new entry added - Google Threat Report Jobs - old entries cleaned up, new entries added -Fortinet, Nissan, American Express, Verizon, Marriott, Synchrony, Tyson Foods, and FanDuel AboutDFIR…
Read More

InfoSec News Nuggets 10/07/2022

TikTok's "secret operation" tracks you even if you don't use it  Consumer Reports (CR), a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even those who don't have Facebook accounts—thanks, in part, to the Facebook "Like" button, a piece of code embedded on most websites. According…
Read More

InfoSec News Nuggets 06/22/2022

DDoS-for-hire service provider jailed Matthew Gatrel, a 33-year-old man from St. Charles, Illinois, has been sentenced to two years in prison for running websites that provide powerful distributed denial-of-service (DDoS) attacks against internet users and websites. This sentencing resulted in the seizure of his websites, making the internet a little safer from DDoS attacks. Gatrel was the administrator and owner of DownThem.org and AmpNode.com, two DDoS-for-hire websites with thousands of clients which launched attacks against more than 200,000 targets. He was convicted of three…
Read More

InfoSec News Nuggets 08/27/2021

Quantum computers could read all your encrypted data. This 'quantum-safe' VPN aims to stop that To protect our private communications from future attacks by quantum computers, Verizon is trialing the use of next-generation cryptography keys to protect the virtual private networks (VPNs) that are used every day by companies around the world to prevent hacking. Verizon implemented what it describes as a "quantum-safe" VPN between one of the company's labs in London in the UK and a US-based…
Read More

InfoSec News Nuggets 06/11/2021

How to Protect Seniors Against Cybercrimes and Scams Many of the crimes that occur in real life happen on the internet too. Credit card fraud, identity theft, embezzlement, and more, all can be and are being done online. Seniors and the elderly are often targeted for these cybercrimes. They tend to be more trusting than younger people and usually have better credit, and more wealth. This makes them more attractive to scammers. Seniors are considered…
Read More

AboutDFIR Content Update 2/11/2021

The first AboutDFIR update of February 2021 is here: Tools & Artifacts - Android - new entries added Tools & Artifacts - DVR/Multimedia - new entries added Tools & Artifacts - iOS - new entries added Tools & Artifacts - Windows - new entries added AboutDFIR stickers are a thing! If you're interested in one, please let us know! Here's what they look like: I've been continuing lots of work on GitHub to help improve…
Read More

InfoSec News Nuggets 5/7/2020

DigiCert hit as hackers wriggle through (patched) holes in buggy config tool DigiCert, slinger of SSL/TLS certificates, has warned that it too has suffered at the hands of Salty miscreants as a key used for Signed Certificate Timestamps (SCT) was potentially compromised. The company joins Ghost.org and LineageOS in being the target of ne'er do wells as attackers exploited a disclosed (and patched) vulnerability in the Salt configuration tool over the weekend, spraying exposed infrastructure with cryptocurrency mining software.…
Read More

InfoSec News Nuggets 4/29/2020

Online auction of record-breaking whisky collection hit by cyber-attack A record-breaking online auction of rare whiskies has been postponed indefinitely after being targeted in a cyber-attack. The sale of Richard Gooding’s “The Perfect Collection” was marketed as “the largest and most unprecedented private whisky collection ever to be offered for public sale”. The first phase of the auction, consisting of more than 1,900 bottles, fetched more than £3.2m earlier this year. The second phase of…
Read More

InfoSec News Nuggets 9/10/2019

Capital One hacker Paige Thompson pleads not guilty on all counts The alleged Capital One hacker Paige Thompson has pleaded not guilty to all charges on her first appearance in court. Appearing at the Western District of Washington federal court late last week, Thompson pleaded not guilty to charges that included wire fraud, and computer fraud and abuse. She could be sentenced to up to 25 years in prison if convicted. A full trial is…
Read More

Catching Up 3/19/2019

I’m overdue for an update, so here we go!  I came across some pretty cool stuff recently.  I know I’ve said this before, but it really is a fantastic time to be involved in DFIR! Nick Caldwell won me over with the very first article of his I came across, and he hasn’t disappointed me since!  He’s such a solid force of wisdom: https://hackernoon.com/the-worst-career-advice-i-ever-received-54aaf2a50c93 https://medium.com/@nickcaldwell/latest @NickCald Unless you live in a cave, you probably already knew this, but Eric…
Read More

Reddit, Lets Talk About It

Sorry for the very long delay. Between heading out to DC to TA/Moderate the FOR585 class and work, it has been very chaotic! No excuse, but just very busy. One thing though that I have been working on has been reversing the Reddit App that came out about a year or so ago. Now, what really drew me to this is I'm not seeing a lot of support from the main forensic tools out there…
Read More

So You Want to Get into DFIR? Private Sector Edition

So you've decided that public sector is just not for you. Nothing wrong with that! We just need to work on getting you ready for different suits. This is a different animal all together! If you have a love for white collar issues, you'll see there is no end to the work you can do. If you love threat hunting, this will be a joy! What am I going to work?  This is going to…
Read More

Command Line or: How I learned to stop relying on GUI interfaces and love the syntax

So this is a little later than I thought I would post this, but life gets in the way! This is something very near and dear to me for a specific reason, my mentor was extremely anti GUI software. Not because he didn't understand (although he was about as G-Man you could imagine), but because he felt that to really understand the data, you needed to get into the weeds. Most vendor software out there…
Read More

Playing Nice in the Sandbox Together

Tell me how many of these you've heard of: Blue Team, Red Team, Purple Team, Green Team, Sprinkles Team ...okay that last one I just made up. Also, why doesn't DFIR ever have its own "team?" I'm not going to explain them all to you, but yes, these are in-fact terms of explanation of the many facets of IT Security in some way. In the mil days, they were a way of distinguishing who would…
Read More

So, who am I?

Many are probably wondering who I am and if this is worth their own time. My hope is that it will be! To start, I won't go into my background too much...if you want to know it you'll probably be able to ask around to put the pieces together. Also, I'm not of the kind of person who thinks degrees and certs make the person. Do I have those? Yes, I do. We will leave…
Read More

Removing the Cloak

So I was basically challenged into starting up a blog in relation to giving back to the community. This was largely pushed by many of the SANS instructors within the digital forensics curriculum as there is a large gap within the field as a whole. Coming from my previous employer, this was just something that couldn't be done. We are always pushed to err on the side of caution while conducting any activity online as…
Read More

Forensic 4:cast 2018

This year, I have been nominated by the #DFIR industry for two categories of the Forensic 4:Cast awards (https://forensic4cast.com/). Please vote for Devon Ackerman as "Digital Forensic Investigator of the Year" and vote for this website, AboutDFIR.com, for "Digital Forensic Resource of the Year" for 2018. Regardless of who you cast your Forensic 4:cast 2018 votes for, please consider joining Mary Ellen and I in Austin, Texas at the SANS conference to celebrate no matter…
Read More