Digital Forensics & Cyber Security Blog
Digital Forensics & Cyber Security Blog
The Uber data breach cover-up: A timeline of events
When former Uber CSO Joe Sullivan was charged earlier this month for his alleged role in the Uber data breach cover-up, it was the latest in a series of events for the ride-sharing company that date back to 2014. Sullivan, who is currently CSO of Cloudflare, was charged with one [...]
Five Windows 10 tips to help safeguard your privacy
Here are some simple tips and resources to help you protect your privacy while you're on, or off your PC. Unlock your computer using your face, fingerprint or secure PIN. Control which apps get to use your camera and microphone. Create and use strong passwords. Manage privacy options in Windows [...]
University of Utah Pays $457,000 to Ransomware Gang
The University of Utah revealed today that it paid a ransomware gang $457,059 in order to avoid having hackers leak student information online. The incident is the latest in a long string of ransomware attacks where criminal groups steal sensitive files from the hacked companies before encrypting their files; and [...]
Beware of Potential Unemployment Insurance Fraud
The U.S. Secret Service reports that impostors using stolen identities have received hundreds of millions of dollars in fraudulent unemployment benefits in states across the country. These sophisticated criminals, often based overseas, file unemployment claims using Social Security numbers and other personally identifiable information belonging to identity theft victims. Because [...]
Workstation Hardening In a Remote Environment
Whether you’re sick and can’t make it to work that day or there’s a pandemic affecting the world, working remotely has become vital for organizations. The importance of securing communications when it comes to remote work is clear, considering that malicious threat actors will take advantage of weak communications and [...]
A 17-year-old critical vulnerability discovered in Windows Server
Security researchers from Check Point Research discovered a critical vulnerability in DNS Server component of Windows Server, which affects every version of Windows Server released in the past 17 years and allows an attacker to fully compromise a system. The vulnerability, identified as CVE-2020-1350 and named SigRed, belongs to remote [...]
Where is that Dongle?
Where is your dongle? That was one of the first questions asked by a student when I was teaching my first FTK training course back in 2001. I had no idea what he was asking. Later I learned we had to have a "security" or dongle to help prevent folks [...]
Snake ransomware poses unique danger to industrial systems
While ransomware continues to be a major threat to enterprise IT environments around the world, a new family of ransomware poses a unique danger to companies with industrial control systems. Snake, also known as Ekans ("snake" spelled backward), follows the classic ransomware formula of encrypting most files on the target [...]
DOD’s Cybersecurity Maturity Model Certification
In January, the U.S. Department of Defense released the Cybersecurity Maturity Model Certification requirements, outlining new cybersecurity stipulations for DOD contractors. There is no deadline for compliance with this new standard, but defense contractors should expect to see its specifications incorporated into new DOD contract bid requirements. Abbreviated CMMC, the [...]
Microsoft fixes Windows Codecs flaws
Microsoft released two out-of-band security patches to address remote code execution vulnerabilities affecting Windows 10 Codecs Library, weeks ahead of the next Patch Tuesday when the company typically releases updates. The first codecs vulnerability, disclosed as CVE-2020-1425, was rated critical. If an attacker successfully exploited the flaw, they "could obtain [...]