Archive for malware

May 29 2018, Episode 401, Show Notes

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities on May 29, 2018 by datasecurityblog

Episode 401 of The CyberJungle is about 32 minutes long. The interview with Steve Whalen of Sumuri starts at 12:45, and the twin interviews with Jerry Kaner of Ciphertex and Jeff Hedlesky of OpenText start at 19:27. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 400 via the flash player:

Newsmaker Interviews

Sumuri CEO Steve Whalen on new MAC forensic tools

High speed forensic imaging and encryption with Jerry Kaner, CEO of Ciphertex, and Jeff Hedlesky, Evangelist with OpenText. The link for training.

Our Take on This Week’s News

Stealthy, Destructive Malware Infects Half a Million Routers

Big bimmer bummer: Bavaria’s BMW buggies battered by bad bugs
How One Recalled SUV Destroyed $45 Million In Cars, Burned A Massive Ship, And Sparked A Legal Battle Between Ford And BMW
How to turn off bold/italics/underline in HTML mail displayed as plaintext?
Efail or OpenPGP is safer than S/MIME

Tales from The Dark Web

On break due to Enfuse 2018 coverage

Wrap

10th Anniversary content coming in a future episode

PLEASE SUPPORT OUR SPONSOR – PFIC: Paraben Forensic Innovations 2018

This 2-day event brings together industry experts on a variety of topics in both lectures and labs. The best part of PFIC is that as an attendee you get to attend 100% of the content, thanks to the unique rotating format of A and B days: one day you attend all the lectures, the next you attend all the labs. Plus, see Ira Victor of the CyberJungle speak. Register early; seats are limited.


Cyberattack Puts Child Porn On Your Computer – How Do You Respond?

Posted in criminal forensics, darkweb, Vulnerabilities on May 25, 2014 by datasecurityblog

We’re seeing a horrifying variant of the Cryptolocker attack. Recall the “ransomware” that generated big cybercrime profit last year by holding data hostage and demanding money from the rightful owners after locking them out of their own files.

The new attack may target hiring managers who post online job openings. A resume comes in with a malware payload. Managers circulate the news about a promising candidate. The resume gets forwarded among the bosses, and the attack spreads.

The most frightening variant of this family of malware, called Kovter, has been seen adding child porn to the mix. Malware detection company Damballa reports that once this variant attacks a computer system, it sets out to find adult websites that may be sitting in the browser history. If there are none, it implants child porn into the computer, and then freezes a screenshot on the browser as an extortion tool.

While relatively few people have been affected so far, the number of systems impacted by this family of malware has more than doubled over the last month, from 7,000 to 15,000, and the impact of this attack could be devastating. It’s critical to understand that anyone accused of “storing” child pornography will be faced with a crushing round of legal problems.

Child porn is radioactive, and the law surrounding it is so unforgiving, that no matter what you do, you’re probably in trouble. We are even aware of a forensic expert who was prosecuted because he had images on his computer that were related to a case he was working on.

If child pornography were to suddenly appear on your screen (assuming you didn’t put it there), do not try to delete the files, do not forward them, and do not look to see what else is going on in the computer.

The best course of action is to immediately shut down the computer and take it to your attorney’s office, explain what happened, and request that he or she lock it up. If you’re at work, shut down your computer and go immediately to the HR manager or to your boss, and report the occurrence. Explain that the attack has the potential to spread throughout the organization unless it’s immediately isolated.

The next step will be locating people who understand both the law and the range of cyberattacks that may have taken place, then deciding how to approach law enforcement. Assuming you didn’t alter any data on your hard drive, a proper forensic examination of the machine should confirm when the files appeared, and that you do not have a history of browsing for child pornography.

In the workplace scenario, be very alarmed if your employer seems unconcerned, or directs you to turn on your computer and get back to work. If the company has in-house legal counsel, ask to speak with one of the attorneys.

If there’s no in-house lawyer, or if you have a contentious relationship with your employer, you may want to ask your own attorney to contact your employer and request the computer be put in quarantine pending further investigation.

In the worst possible case, a court order might be necessary. The employer might misunderstand the event, or use it as a reason to fire you.

One more problem – your attorney may not have encountered child porn, or may have limited knowledge about how to examine the evidence without getting you into trouble. He or she may need to research the subject first, and that could mean an uncomfortable couple of days for you at work.

Please take this seriously. Cryptolocker also started small, and became a significant danger in a short time. We hope the Kovter attack doesn’t achieve similar reach, but we also hope those who get hit will respond in a way that doesn’t compound their troubles.

By: Ira Victor, GIAC G17799 GCFA GPCI GSEC ISACA CGEIT CRISC

Digital Forensic Analyst, and Host, CyberJungle Radio

———————————————————————————-

Please support our sponsors, as they support The CyberJungle:

Basis Technology is helping investigators perform faster, more efficient, cost-effective, and complete investigations in cybersecurity and incident response.

BASIS TECHNOLOGY……PLEASE VISIT THEIR SITE BASISTECH.COM


Mar 6 2014, Episode 330, Show Notes

Posted in Breach, Conference Coverage, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities on March 5, 2014 by datasecurityblog

Episode 330 of The CyberJungle is about 41 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 330 via the flash player:

Interview

Andrew Lavanway, MeriTalk Fellow. Mentioned in the segment: Begging Google for an EHR, and Apple Wins HIMSS

Tales from The Dark Web

When Start-Ups Don’t Lock the Doors

The Inside Story of Mt. Gox, Bitcoin’s $460 Million Disaster

Our Take on This Week’s News

New Devices Try to Keep Prying Eyes Out

Huawei Is Turning Its Sights To U.S. Smartphone Market

NSA made Snowden leak worse: Senate Dem

Wrap

The Computer Mouse Still Roars


Please support our sponsors, as they support The CyberJungle

OUR NEWEST SPONSOR, ATOLA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases. Find out more at Atola.com


Jan 16 2014, Episode 326, Show Notes

Posted in Breach, criminal forensics, Podcast, Show Notes, The CyberJungle, Vulnerabilities on January 16, 2014 by datasecurityblog

Episode 326 of The CyberJungle is about 41 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 326 via the flash player:

Special su root edition on one topic: Web Security

Interviews

John Strand, Black Hills Information Security. The webinar mentioned will be webcast next Tuesday, January 21st, at 2:00pm EST

Jeremy Scott, Solutionary. The report Ira mentioned in the segment.

Our Take on This Week’s News

Congressional hearing on the web security of healthcare.gov

Correction: Ira Victor stated that one witness was an HHS employee. Ira should have stated that he is a contractor on government IT projects.


Dec 20 2013, Episode 323, Show Notes

Posted in Breach, Conference Coverage, Court Cases, ediscovery, Exclusive, Podcast, Show Notes, The CyberJungle on December 20, 2013 by datasecurityblog

Episode 323 of The CyberJungle is about 30 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 323 via the flash player:

Interviews

Exclusive From InsideBitCoin Conference 2013: Alan Reiner, core developer and CEO, Bitcoin Armory; Justus Ranvier, Bitcoin blogger and activist, Bitcoinism Blog.

Our Take on This Week’s News

Copycat ransomware demands cash to unscramble files

Lawsuit accuses IBM of hiding China risks amid NSA spy scandal

Tales From The Dark Web

No Tales this week, due to extended coverage from Inside BitCoin Conference

Wrap

The New Armor That Lets You Sense Surveillance Cameras


Nov 27 2013, Episode 321, Show Notes

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Exclusive News, Podcast, Show Notes, The CyberJungle, Vulnerabilities on November 27, 2013 by datasecurityblog

Episode 321 of The CyberJungle is about 25 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 321 via the flash player:

Interviews

Amber Schroader, CEO of Paraben Forensics

Our Take on This Week’s News

Ground-breaking cyber crime case, and the Gmail flaw talked about in the segment

Malware predictions for 2014

Tales From The Dark Web

CryptoLocker surge led by drop in value in IDs?

Wrap

New technique for late night IT work?

Please support our sponsors, as they support The CyberJungle

OUR NEWEST SPONSOR, ATOLA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases:

* Excellent disk imaging speed up to 180 MB/s

* Checksum calculation: MD5, SHA (1, 224, 256, 384, 512)

* Forensic data erasure methods including DoD 5220.22-M, Security Erase, NIST 800-88, Pattern Erase

* Case management system

* ATA Password removal

* File recovery for NTFS (all versions), Ext 2/3/4, HFS, HFS+, HFSX, ExFAT, FAT16, FAT32

* High-performance multi-pass imaging for damaged drives

* Authentic Atola HDD diagnostics that create a detailed report in minutes.

Find out more at Atola.com


March 27 2013, Episode 295, Show Notes

Posted in Breach, criminal forensics, darkweb, ediscovery, Exclusive, Show Notes, The CyberJungle, Vulnerabilities, web server security on March 27, 2013 by datasecurityblog

Episode 295 of The CyberJungle is about 35 minutes long. The interview with the founder of StopTheHacker begins at about the 20-minute mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 295 via the flash player:

Interview

Dr. Anirban Banerjee is the lead Primary Investigator, the VP of Research and Development, and co-founder of StopTheHacker Inc. He graduated with his Ph.D. in Computer Science from the University of California at Riverside in 2008. Dr. Banerjee’s thesis research includes well over twenty published papers in the areas of internet security, measurements, and web technology.

Tales From The Dark Web

Industrial espionage is ripping off SA firms

Our Take On This Week’s News

South Korea bank attacks should prompt rethink in U.S.

Of 1,800 serious malware NSS Labs tested, some always managed to get through — no matter what combination of protection was used

What You Didn’t Post, Facebook May Still Know

Please support our sponsors, as they support The CyberJungle

SpectorSoft

SpectorSoft: IT professionals, Risk Officers, and HR staff have more worries than ever: insider theft, inappropriate communications, inefficient processes, employee investigations, and compliance requirements. These pressing issues demand a reliable, automated, advanced technology capable of showing user, department, and division activity no matter where the users are or what devices they are using. SPECTOR 360, the de facto corporate User Activity Monitoring solution, addresses these issues and meets this demand.

SPECTOR 360 monitors, captures, and analyzes ALL user and user group activity including: email sent and received, chat/IM/BBM, websites visited, applications/programs accessed, web searches, phone calls, file transfers, and data printed or saved to removable devices.

SPECTOR 360 features automated, remote installation of the Windows and Mac clients and requires no client installation on BlackBerry devices.