15 Aug 2023
By Devon

Day 4 – Excerpt from Chapter 4 – User Causality in the context of DFIR

Day 4 - Excerpt from my newly released book, "Diving In - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn" which you can get your copy here -> https://www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "User causality in the context of Digital Forensics science refers to the relationship between a user's actions (cause) and the resulting impact on a digital system (effect) which fundamentally underpins Locard’s Exchange Principle. Understanding this cause-and-effect relationship is…
Read More
14 Aug 2023
By Devon
Day 3 – Locard’s Exchange Principle and #DFIR

Day 3 – Locard’s Exchange Principle and #DFIR

Day 3 - Excerpt from my newly released book, "Diving In - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn" which you can get your copy here -> https://www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "Locard's Exchange Principle is a fundamental concept in traditional forensic science, which posits that 'every contact leaves a trace.' In other words, any interaction between an individual and their environment will result in the transfer of physical evidence…
Read More
24 Jul 2023
By Mary

InfoSec News Nuggets 07/24/2023

Bill that Would Stop the Government Buying Data Without a Warrant Passes Key Hurdle  A group of lawmakers on the House Judiciary Committee passed a proposed piece of legislation that would stop government agencies buying data without a warrant. The Fourth Amendment is Not for Sale Act was in part written in response to Motherboard’s continued revelations about the location data industry. “By passing the Fourth Amendment Is Not For Sale Act, both Democrats and Republicans on…
Read More
17 Mar 2023
By Mary

InfoSec News Nuggets 03/17/2023

Apple is reportedly experimenting with language-generating AI If not for last week’s Silicon Valley Bank (SVB) collapse almost every conversation in tech seems to be centered around AI and chatbots. In the last few days, Microsoft-backed OpenAI released a new language model called GPT-4. Its competitor Anthropic released the Claude chatbot. Google said that it is integrating AI into its Workspace tools like Gmail and Docs. Microsoft Bing has brought attention to itself with a chatbot-enabled search. The one name missing from…
Read More
12 May 2021
By Mary

InfoSec News Nuggets 05/12/2021

1 - Amazon Fake Reviews Scam Exposed in Data Breach The SafetyDetectives cybersecurity team uncovered an open ElasticSearch database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products. In total, 13,124,962 of these records (or 7 GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities.…
Read More
25 Mar 2021
By Mary

InfoSec News Nuggets 03/25/2021

Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job Amazon delivery drivers nationwide have to sign a "biometric consent" form this week that grants the tech behemoth permission to use AI-powered cameras to access drivers' location, movement, and biometric data. If the company’s delivery drivers, who number around 75,000 in the United States, refuse to sign these forms, they lose their jobs. The form requires drivers to agree to facial recognition and other…
Read More
20 Jan 2021
By Mary

InfoSec News Nuggets 01/20/2021

How one hacker's push to secure the internet became a crucial part of Mac, Linux, and Windows operating systems Jason A. Donenfeld is relentlessly curious about everything, from ancient cities to cutting edge cryptography. When he's not developing WireGuard, known as the most secure VPN protocol in the world, the security researcher enjoys exploring the vast network of centuries-old limestone tunnels beneath Paris. Donenfeld, who is 32, originally came to Paris in 2010, after landing…
Read More
13 Nov 2020
By Mary

InfoSec News Nuggets 11/13/2020

Japan’s creepy robot wolf scares away crop-raiding deer, bears A Japanese town has deployed robot wolves in the hopes of scaring away bears and other wildlife that can damage crops -- or potentially injure residents. The robot, simply named "Monster Wolf," is being tested in a town called Takikawa, located on the Hokkaido island in Northern Japan.  As reported by JAPANkyo, the 'scarecrow' has been created by Ohta Seiki and measures roughly 24-inches long, sporting a furry body, four…
Read More
28 Oct 2020
By Mary

InfoSec News Nuggets 10/28/2020

Bot orders $18,752 of McSundaes every 30 min. to find if machines are working Burgers, fries, and McNuggets are the staples of McDonald's fare. But the chain also offers soft-serve ice cream in most of its 38,000+ locations. Or at least, theoretically it does. In reality, the ice cream machines are infamously prone to breaking down, routinely disappointing anyone trying to satisfy their midnight McFlurry craving. One enterprising software engineer, Rashiq Zahid, decided it's better to…
Read More
29 Sep 2020
By Mary

InfoSec News Nuggets 09/29/2020

Federal Judge Temporarily Blocks Trump's TikTok Ban A federal judge Sunday granted TikTok's request for a temporary injunction to block the Trump administration's order that would have banned the Chinese social media app from the U.S. starting Monday. Judge Carl Nichols of the U.S. District Court for the District of Columbia issued his decision Sunday - a few hours before the Trump administration's ban would have forced Apple and Google to remove the TikTok video-sharing app from…
Read More
22 Sep 2020
By Mary

InfoSec News Nuggets 09/22/2020

ByteDance says it will not transfer algorithm and technology to Oracle as part of TikTok deal ByteDance will not transfer algorithms and technologies to Oracle as part of a deal announced over the weekend to keep social media app TikTok operating in the U.S. President Donald Trump said he approved a deal on Saturday that will see the creation of a U.S.-headquartered firm called TikTok Global with Oracle and Walmart taking minority stakes. Oracle will become TikTok’s secure cloud…
Read More
01 Sep 2020
By Mary

InfoSec News Nuggets 09/01/2020

Cybercriminals Make Millions Selling Stolen Fortnite Accounts, New Research Shows Thousands of stolen Fortnite accounts are selling like hotcakes in underground marketplaces, amassing around $1.2 million a year for cybercriminals, a new report shows. The Fortnite Underground Cybercrime Economy report sheds light on a million-dollar business that capitalizes on the popularity of the free-to-play video game that managed to attract over 350 million players within three years of its launch. According to researchers from Night Lion Security,…
Read More
13 Jul 2020
By Mary

InfoSec News Nuggets 7/13/2020

Secret Service merging electronic and financial crime task forces to combat cybercrime The new merged network of task forces, to be known as Cyber Fraud Task Forces (CFTFs), will detect, prevent and root out cyber-enabled financial crimes, such as business email compromise and ransomware scams, “with the ultimate goal of arresting and convicting the most harmful perpetrators,” the Secret Service said in a press release. The agency hopes the reorganization integrates the resources and know-how in the previous…
Read More
16 Jun 2020
By Mary

InfoSec News Nuggets 6/16/2020

Amazon CEO Jeff Bezos agrees to testify before antitrust hearing Amazon and a handful of other major tech companies are facing increased pressure from a series of investigations from the US House and Senate, the Justice Department and Federal Trade Commission into their potential monopolistic practices. For Amazon, the investigations have often focused on Amazon's use of private label items to compete against much smaller retailers on its platform. Calls for Bezos to testify before…
Read More
12 Jun 2020
By Mary

InfoSec News Nuggets 6/12/2020

Interpol arrests flamboyant Nigerian socialite, Ray Hushpuppi for alleged $35 million COVID-19 Internet scam Eyewitnesses in Dubai said Hushpuppi and his friend where ‘allegedly surrounded by the International police and FBI on the grounds of being fraud suspects’. Hushpuppi who said he will not come back to Nigeria has been accused of being an Internet fraudster because of his flamboyant and expensive lifestyles without a convincing business and source of his lavish lifestyle. According to…
Read More
19 May 2020
By Mary

InfoSec News Nuggets 5/19/2020

Crooks are using realistic-looking webpage templates to trick you into handing over personal data Cyber criminals are still attempting to exploit the coronavirus pandemic for their own gain and they're being helped by website templates that allow them to mimic government agencies and companies. Researchers at cybersecurity company Proofpoint have identified over 300 phishing campaigns designed to steal personal information and bank details from victims – and many are using sites that are indistinguishable from the real thing, complete…
Read More
15 Apr 2020
By Mary

InfoSec News Nuggets 4/15/2020

Amazon stops accepting new online grocery customers amid surging demand Amazon will begin to put new grocery delivery customers on a wait-list and curtail shopping hours at some Whole Foods stores to prioritize orders from existing customers buying food online during the coronavirus outbreak, the company said on Sunday. Many shoppers recently seeking to purchase groceries from the Seattle-based ​e-commerce company found they could not place orders due to a lack of available delivery slots. Amazon…
Read More
13 Apr 2020
By Mary

InfoSec News Nuggets 4/13/2020

Facebook proposes 3D navigation task for training autonomous robots Researchers at Facebook, the Georgia Institute of Technology, and Oregon State University describe in a preprint paper published this week a new task for AI — navigating a 3D environment by listening to natural language directions (e.g., “Go down the hall and turn left at the wooden desk”). They say this could lay the groundwork for robot assistants that follow natural language instructions. The researchers’ task, which they…
Read More
30 Mar 2020
By Mary

InfoSec News Nuggets 3/30/2020

Rare BadUSB attack detected in the wild against US hospitality provider A US hospitality provider has recently been the target of an incredibly rare BadUSB attack, ZDNet has learned from cyber-security firm Trustwave. The attack happened after the company received an envelope containing a fake BestBuy gift card, along with a USB thumb drive. The receiving company was told to plug the USB thumb drive into a computer to access a list of items the…
Read More
23 Mar 2020
By Mary

InfoSec News Nuggets 3/23/2020

1 - Patch for Recently Disclosed VMware Fusion Vulnerability Incomplete The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac have been found to be incomplete. VMware informed customers on March 17 that Fusion, Remote Console (VMRC) and Horizon Client for Mac are affected by a high-severity privilege escalation vulnerability caused by the improper use of setuid binaries. The company released updates that should have patched the vulnerability, which is tracked as…
Read More
10 Mar 2020
By Mary

InfoSec News Nuggets 3/10/2020

1 - Dutch Privacy Regulator Fines Tennis Association for Selling Personal Data Without Proper Consent The Dutch Data Protection Authority (AP) has imposed a fine of 525,000 euros on tennis association KNLTB for selling personal data without proper consent. In 2018, the KNLTB unlawfully provided personal data of a few hundred thousand of its members to two sponsors for a fee. The Royal Dutch Lawn Tennis Association (KNLTB) provided the sponsors with personal data such…
Read More
23 Jan 2020
By Mary

InfoSec News Nuggets 1/23/2020

1 - FBI Warns Job Applicants of Scams Using Spoofed Company Sites FBI's Internet Crime Complaint Center (IC3) today issued a public service announcement to warn about scammers using spoofed company websites and fake job listings to target applicants. "Since early 2019, victims have reported numerous examples of this scam to the FBI. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims’ credit scores," the FBI says. "While hiring…
Read More
10 Jan 2020
By Mary

InfoSec News Nuggets 1/10/2020

1 - Jussie Smollett investigation: Judge orders Google to turn over a full year of the actor’s data as part of special prosecutor probe A Cook County judge has ordered Google to turn over Jussie Smollett’s emails, photos, location data and private messages for an entire year as part of the special prosecutor’s investigation into the purported attack on the actor. Two sweeping search warrants, obtained by the Chicago Tribune, provide the first public glimpse…
Read More
11 Dec 2019
By Mary

InfoSec News Nuggets 12/11/2019

1 - Bitcoin-hungry hackers broke their own decryption tool, analysts warn Cybersecurity researchers warn that paying Bitcoin $BTC▼2.23% to retrieve files locked by the prolific Ryuk ransomware may still result in data loss. This means that Ryuk‘s latest victims are stuck between a rock and a hard place. If they refuse to send their attackers Bitcoin, they’ll lose access to their data altogether, but if they pay, the hackers will provide them with a decryption tool that doesn’t work. Software…
Read More
22 Nov 2019
By Mary

InfoSec News Nuggets 11/22/2019

1 - Midwest Gets First Cybercrime-Fighting Dog Police in Nebraska have recruited a highly trained dog to assist them in the fight against cybercrime. Two-year-old black Labrador Quinn has joined the Bellevue Police Department as the Midwest's first-ever electronic storage device K-9 officer. Unlike most sniffer dogs, who are taught to detect drugs, Officer Quinn has been specially trained to sniff out a particular chemical used in electronic devices like SIM cards, cell phones, and micro SD…
Read More
20 Nov 2019
By Mary

InfoSec News Nuggets 11/20/2019

1 - Wikipedia co-founder offers a Facebook/Twitter wannabe How much would you pay for a Facebook- or Twitter-like social network experience, but one in which you’re not tracked, your personal information and web history aren’t gobbled up, and you aren’t e-hounded by targeted ads? For those of us who haven’t already jumped the Facebook ship and might still be interested in relinquishing our roles as products, Wikipedia co-founder Jimmy Wales has set up a social…
Read More
11 Nov 2019
By Mary

InfoSec News Nuggets 11/11/2019

1 - Brazilian government announces creation of AI lab network The Brazilian government has announced it will create a network of eight research facilities focused on artificial intelligence (AI). The minister of science, technology, innovation and communications, Marcos Pontes, made the announcement during the opening speech of an event focused on public sector innovation in the country's capital, Brasília. "[The creation of the centers] has been one of the priorities [for the Ministry] in order…
Read More
05 Nov 2019
By Mary

InfoSec News Nuggets 11/05/2019

1 - Conveyancing law firms targeted in new multimillion-rand cyber scam A new multimillion-rand cyber fraud scam allegedly headed by Nigerians and targeting attorneys dealing with big-money property transactions has been exposed in a graft case in the Joburg Commercial Crime Court. Olutunji Abdul, a Nigerian, and Siphosihle Sithole, a South African, are standing trial in a R7.8million matter in what investigators termed the new “business email compromise” (BEC) fraud. Last week in the Joburg…
Read More
23 Oct 2019
By Mary

InfoSec News Nuggets 10/23/2019

1 - Vatican's wearable rosary gets fix for app flaw allowing easy hacks The road to internet-connected salvation is paved with cybersecurity issues. The Vatican discovered that Thursday, after a security researcher disclosed a severe vulnerability with the "Click to Pray" eRosary app. On Wednesday, the Vatican announced its $110 wearable rosary, an internet of things device that syncs with an app from the Pope's Worldwide Prayer Network. One advantage of IoT devices is that they open up a…
Read More
18 Oct 2019
By Mary

InfoSec News Nuggets 10/18/2019

1 - California adds biometric specs to data breach law California is changing its Information Practices Act of 1977 to expand the definition of personal information with additional identifiers, including biometric data of those affected. The amendment comes with new instructions on how to notify affected parties by a breach. The legislation is old and uses a definition too broad to describe personal information in all the shapes and forms found today. As such, amendment…
Read More
26 Sep 2019
By Mary

InfoSec News Nuggets 9/26/2019

Whoops! Google Says Mysterious Wave of Unbootable Macs Is Their Bad A serious flaw in Google Keystone, which controls Chrome updates, is capable of doing major damage to macOS file systems on some computers and has been linked to data corruption that struck Hollywood video editors and others on Monday evening, Variety reported. Initially, blame for the corrupted file systems was largely directed at Avid and its Media Composer software, which was identified as a common link by film and…
Read More