Archive for incident response

January 25 2017, Episode 387, Show Notes

Posted in Breach, Conference Coverage, criminal forensics, darkweb, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities on January 25, 2017 by datasecurityblog

Episode 387 of The CyberJungle is about 26 minutes long. The interview with Dr. Fred Cohen begins at about 10:30. The interview with Leon Kuperman from Cujo begins at about 15:30. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Leon Kuperman from Cujo; enter CES at checkout for the discount mentioned in the segment

Our Take on This Week’s News

Charger mobile ransomware

Cisco WebEx extension opens Chrome users to drive-by malware attacks

Already on probation, Symantec issues more illegit HTTPS certificates

Chrome dev explains how modern browsers make secure UI just about impossible

The 5 Gotchas Of Cyber Incidents

How did Private Manning get caught, if WikiLeaks doesn’t reveal sources?

Tales from The Dark Web

Financial Cyberattacks Rose 22.49 Percent Q4 2016


Aug 15, 2014, Episode 347, Show Notes

Posted in Business Continuity, Conference Coverage, criminal forensics, darkweb, eMail Security, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities on August 14, 2014 by datasecurityblog

Episode 347 of The CyberJungle is about 36 minutes long.  Daniel Ayoub’s Kickstarter project for SOHO infosec starts at 13min. Adam Shostack on transparent incident response starts at about 21min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Daniel Ayoub’s Kickstarter project for SOHO infosec

Adam Shostack on transparent incident response

Our Take on This Week’s News

SOHOpelessly Broken SOHO router/firewall

IRA failed to perform background checks on contractors

 

Tales from The Dark Web

Urgent Adobe PDF patching, or install alternatives now

Please support our sponsors, as they support The CyberJungle:

Basis Technology is helping investigators perform faster, more efficient, cost-effective, and complete investigations in cybersecurity and incident response.

Basis Technology: please visit their site, BASISTECH.COM


Cyberattack Puts Child Porn On Your Computer – How Do You Respond?

Posted in criminal forensics, darkweb, Vulnerabilities on May 25, 2014 by datasecurityblog

We’re seeing horrifying variants of the Cryptolocker attack. Recall the “ransomware” that generated big cybercrime profit last year by holding data hostage and demanding money from the rightful owners after locking them out of their own files.

The new attack may target hiring managers who post online job openings. A resume comes in with a malware payload. Managers circulate the news about a promising candidate. The resume gets forwarded among the bosses, and the attack spreads.

The most frightening variant of this family of malware, called Kovter, has been seen adding child porn to the mix. Malware detection company Damballa reports that once this variant attacks a computer system, it sets out to find adult websites that may be sitting in the browser history. If there are none, it implants child porn into the computer, and then freezes a screenshot on the browser as an extortion tool.

While relatively few people have been affected so far, the number of systems impacted by this family of malware has more than doubled over the last month, from 7,000 to 15,000, and the impact of this attack could be devastating. It’s critical to understand that anyone accused of “storing” child pornography will be faced with a crushing round of legal problems.

Child porn is radioactive, and the law surrounding it is so unforgiving, that no matter what you do, you’re probably in trouble. We are even aware of a forensic expert who was prosecuted because he had images on his computer that were related to a case he was working on.

If child pornography were to suddenly appear on your screen (assuming you didn’t put it there), do not try to delete the files, do not forward them, and do not look to see what else is going on in the computer.

The best course of action is to immediately shut down the computer and take it to your attorney’s office, explain what happened, and request that he or she lock it up. If you’re at work, shut down your computer and go immediately to the HR manager or to your boss, and report the occurrence. Explain that the attack has the potential to spread throughout the organization unless it’s immediately isolated.

The next step will be locating people who understand both the law and the range of cyberattacks that may have taken place, then deciding how to approach law enforcement. Assuming you didn’t alter any data on your hard drive, a proper forensic examination of the machine should confirm when the files appeared, and that you do not have a history of browsing for child pornography.

In the workplace scenario, be very alarmed if your employer seems unconcerned, or directs you to turn on your computer and get back to work. If the company has in-house legal counsel, ask to speak with one of the attorneys.

If there’s no in-house lawyer, or if you have a contentious relationship with your employer, you may want to ask your own attorney to contact your employer and request the computer be put in quarantine pending further investigation.

In the worst possible case, a court order might be necessary. The employer might misunderstand the event, or use it as a reason to fire you.

One more problem – your attorney may not have encountered child porn, or may have limited knowledge about how to examine the evidence without getting you into trouble. He or she may need to research the subject first, and that could mean an uncomfortable couple of days for you at work.

Please take this seriously. Cryptolocker also started small, and became a significant danger in a short time. We hope the Kovter attack doesn’t achieve similar reach, but we also hope those who get hit will respond in a way that doesn’t compound their troubles.

By: Ira Victor, GIAC G17799 GCFA GPCI GSEC ISACA CGEIT CRISC

Digital Forensic Analyst, and Host, CyberJungle Radio

———————————————————————————-


July 15th 2013, Episode 308, Show Notes

Posted in Breach, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities on July 15, 2013 by datasecurityblog

Episode 308 of The CyberJungle is about 30 minutes long. The interview with Lance James on DDOS attacks begins at about the 17min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Lance James speaks on DDOS attacks on Thursday August 1st, 5pm at Black Hat Las Vegas

Tales From The Dark Web

DefCon Bounces the Feds?

Our Take On This Week’s News

New Windows 8.1 “Feature” allows Microsoft to track your desktop searches

Another botched Windows patch: MS13-057/KB 2803821/KB 2834904

WellPoint fined for exposing health data

Please support our sponsors, as they support The CyberJungle

HTCIA International Conference and Training Expo 2013


The High Technology Crime Investigation Association (HTCIA) Annual conference is committed to bringing its participants – members or non-members — the best training, tools and networking the industry has to offer.

We rely on the generosity of our sponsors, who take a vested interest in working with us to develop a conference that exemplifies what the HTCIA organization stands for. By fostering the exchange of investigation-related information and ideas, we bring together a community of professionals who help one another understand and adapt to our rapidly evolving industry–to everyone’s benefit.

The 2013 conference is being held from September 8-11, 2013 in Las Vegas, NV [Summerlin is the western side of Las Vegas, 15min from Downtown via freeway].

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a more highly attended conference with a broader scope of topics reaching from deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it! PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City, Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang-for-the-buck forensic conferences of the year.

 

 

July 11th 2013, Episode 307, Show Notes

Posted in Breach, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities on July 11, 2013 by datasecurityblog

Episode 307 of The CyberJungle is about 30 minutes long. The interview with Jeff Hudson of Venafi begins at about the 17min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Jeff Hudson, CEO of Venafi. Here is the link to the Venafi blog. Security disclosure mentioned in the interview.

Tales From The Dark Web

US agency baffled by modern technology, destroys mice to get rid of viruses. More in-depth reporting at Federal Radio News.

Our Take On This Week’s News

Keep your pants on: A reality check about this latest Android malware scare

IRS releases thousands of Social Security numbers


January 17, 2011 – Episode 244

Posted in Breach, criminal forensics, darkweb, ediscovery, Exclusive, Show Notes, The CyberJungle, Vulnerabilities, web server security on January 17, 2012 by datasecurityblog

Episode 244 of The CyberJungle is about 30 minutes long. You can hear it by clicking on the flash player below. The interview with M1ster_E on the CyberMilitia begins at about 16min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 244 via the flash player:

Interview

M1ster_E on the CyberMilitia. Join this Reddit area to help fight members of the Dark Web

Our Take On This Week’s News

Zappos Breach Illustrates the Need for Stronger Password Rules

Malware stole City College of San Francisco data for years

Tales From The Dark Web

Spam Emails Link To QR Codes

Wrap

The Qualcomm Tricorder X PRIZE