Digital Forensics & Cyber Security Blog
Digital Forensics & Cyber Security Blog
Microsoft Issues Adobe Patch to Tackle Flash Zero-Day
Microsoft has released Adobe's patch for a critical flaw in Flash Player that suspected North Korean hackers have exploited in malicious Excel sheets. Researchers at Cisco Talos said hackers known as Group 123 were using the zero-day Flash flaw and Excel sheets to deliver the ROKRAT remote-administration tool. The use-after-free vulnerability in [...]
Half of Norway Had Their Data Compromised
Hackers have breached the systems of Norway's Health South East RHF (Helse Sør-Øst RHF), and possibly made off with personal information and health records of approximately 3 million Norwegians. Health South-East is investigating an unauthorized intrusion into its IT systems which may have breached the personal data of over half [...]
The Best Open Source Digital Forensic Tools
Forensic investigations are always challenging as you may gather all the information you could for the evidence and mitigation plan. Here are some of the computer forensic investigator tools you would need. Most of them are free! Whether it’s for an internal human resources case, an investigation into unauthorized [...]
A Vancouver Driver Was Caught Playing Pokemon Go While Driving
In November, a Canadian man took distracted driving to a new level by setting up his own entertainment system on his steering wheel with string. He was caught when a traffic officer spotted him wearing headphones and noticed a tablet and mobile phone attached to the wheel. The Vancouver Police [...]
iPhone Gadgets We Actually Want
If you'll be shopping on Black Friday these are come gadgets that are worth checking out. This Classic Mac Style Phone Dock That'll Flash You Back To Elementary School Grab one of these docks, download the Word Munchers app, and bring your iPhone back to 1989. This Tiny iDisk That'll Double Your Phone's [...]
A Flaw in Google’s Bug Tracker Exposed Private Security Vulnerability Reports
The bug allowed the researcher to see the most sensitive vulnerabilities in Google's services. However the bug was patched within an hour of learning about the exploit. Google has an internal platform called Google Issue Tracker that tracks a list of bugs and unpatched vulnerabilities, but that platform itself had [...]
Malware Using Security Camera & Infared Light to Steal Information
Organizations use to protect their internal networks from Internet attacks by using firewalls, intrusion detection systems(IDSs) and intrusion prevention systems (IPSs). For a higher degree of protection, so-called ‘air-gap‘ isolation is used. Once the malware deployed attackers try to establish communication over the covert channel to bypass IPS, IDS, and Firewalls. Over [...]
Biggest Data Breaches of the 21st Century
Data breaches happen daily around the world so it's difficult to keep track of all of them. Below we've comprised a list of some of the largest and most damaging data breaches in history. Friend Finder (412 million accounts, 2016) Casual-hookup and adult-content websites are perfectly legal in most Western [...]
The Yahoo Breach was the Biggest in History
In August 2013 affected every single customer account that existed at the time, Yahoo parent company Verizon said on Tuesday. The total number of accounts attacked is 3 billion - and that includes Tumblr, Fantasy and Flickr. In 2016, Yahoo reported that the breach affected. Names, email addresses and passwords, but not [...]
Beware: Fake and Vulnerable WordPress Plugins
A fake Wordpress plugin containing a backdoor and three zero-day vulnerabilities—all affecting the high-profile blogging platform WordPress—were recently discovered. The three plugins with zero-day vulnerabilities which were exploited are Appointments, Flickr Gallery, and RegistrationMagic-Custom Registration Forms. The fake plugin which contains backdoor is X-WP-SPAM-SHIELD-PRO.The three-zero day exploits, which are being exploited in the [...]