Blogs
Middle Eastern Petrochemical Plants are Targets of Hackers

September 16, 2014 | by Nicole Perlroth

Security researchers at IBM said they had uncovered a series of hacking attacks aimed at Middle Eastern petrochemical companies. The researchers, at IBM’s Trusteer division, said the hackers were using a variant of financial malware known as Citadel, which was first discovered in 2012.


Franchising the Chinese APT

September 15, 2014 11:12 am | by Kelly Jackson Higgins

Two Chinese cyber espionage gangs known for targeting very different industries and working out of different regions of the nation actually use some of the same or similar tactics, tools, and resources in their spying operations, researchers found.


Home Depot Breach May Not be Related to BlackPOS, Target

September 12, 2014 11:11 am | by Sara Peters

Reports emerged earlier this week that a BlackPOS variant discovered last month by Trend Micro was to blame for the data breach at Home Depot, raising speculation that the breach was carried out by the same group that breached Target and with the same malware. But new analysis has led some researchers to believe that it isn't related to BlackPOS at all.


Moving Ever Closer to the 'Find All Evidence' Button

September 11, 2014 8:17 am | by Stuart Clarke | Nuix

Nuix has demonstrated time and again that there are smarter ways to investigate big data. Customers use technologies such as near-duplicate analysis, shingle lists, topic modeling, text summarization and named entities as powerful shortcuts to the evidence they seek.


15 Million Devices Infected with Mobile Malware

September 10, 2014 10:45 am | by Sara Peters

Fifteen million mobile devices are infected with malware, and most of those run Android, according to a new report by Alcatel-Lucent's Kindsight Security Labs.


Windows Phone 8 and RegRipper

September 10, 2014 10:34 am | by Harlan Carvey

Last week, Cindy Murphy (@cindymurph) sent me some Registry hive files ... from a Windows Phone 8. This was pretty fascinating, and fortunate, because I'd never seen a Windows phone, and had no idea if it had a Registry. Well, thanks to Cindy, I now know that it does!


Zeroing In on Un-Hackable Data with Quantum Key Distribution

September 9, 2014 12:28 pm | by Donald Hayford

Thieves steal data constantly, so protecting it is an ongoing challenge. There are more than 6,000 banks with 80,000 branches in the United States, nearly 6,000 hospitals and thousands of insurance companies, all with data that we want to be kept private.


Home Depot Data Breach Could be the Largest Yet

September 9, 2014 12:00 pm | by Nicole Perlroth

Home Depot confirmed on Monday that hackers had broken into its in-store payments systems, in what could be the largest known breach of a retail company’s computer network.


Home Depot Hit By Same Malware as Target

September 8, 2014 12:59 pm | by Editor

The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation.


HealthCare.gov Breach: The Ripple Effect

September 8, 2014 12:54 pm | by Alison Diana

Recent disclosure that hackers breached a HealthCare.gov test server this summer sparked more concern about the overall vulnerability of healthcare organizations and hope that the growing number of publicly disclosed hacks will encourage those organizations to expend more resources on securing data, networks, and systems.


Python Single Word / Proper Name Extraction

September 5, 2014 12:51 pm | by Chet Hosmer

When examining ASCII text data during a forensic investigation, it is often useful to extract proper names and then rank those proper names by the highest number of occurrences. The Python language has built-in capabilities that will perform this extraction swiftly and easily.


What Does That Look Like, Pt II

September 5, 2014 12:42 pm | by Harlan Carvey

In my last post, I talked about sharing what things "look like" on a system, illustrating indicators of the use of lateral movement via the 'at.exe' command. I wanted to take a moment to provide some additional insight into that post, with a view towards potentially-available indicators that did not make it into the article, simply because I felt that they didn't fit with the focus of the article.


Copier Forensics in 2014: The Good, the Bad, and the Ugly

September 4, 2014 11:43 am | by Editor

Recently, I had the opportunity to do forensic analysis on a HDD extracted from a Canon ImageRunner Advanced C5240 Multifunction Copier. After a story was broken by CBS News, back in 2010, it seemed likely that less would be available than is described in the copier forensic write-ups here and here. Nonetheless, I was hopeful.


Forced to Adapt: XSLCmd Backdoor Now on OS X

September 4, 2014 11:34 am | by James T. Bennett and Mike Scott

FireEye Labs recently discovered a previously unknown variant of the APT backdoor XSLCmd — OSX.XSLCmd — which is designed to compromise Apple OS X systems. This backdoor shares a significant portion of its code with the Windows-based version of the XSLCmd backdoor that has been around since at least 2009.


Banks: Credit Card Breach at Home Depot

September 3, 2014 10:52 am | by Editor

Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground. Home Depot says that it is working with banks and law enforcement agencies to investigate reports of suspicious activity.


North Korea Cyber Warfare Capabilities Exposed

September 2, 2014 12:31 pm | by Charlie Osborne

North Korea's cyberwarfare capabilities are on the rise despite being entrenched in ageing infrastructure and dampened by a lack of foreign technology, according to a report released by Hewlett-Packard researchers.
