How Internet Forensics Changed Criminal Investigations

The people from Cyber Crimebusters developed an infographic about how Internet forensics has changed criminal investigations. The original can be found HERE.

The interesting points to me are how social media and mobile devices are becoming a common source for investigations. I find it humorous when people post pictures of themselves doing crazy things on social media sources and are shocked when that comes back to haunt them later, such as in job interviews. I’ve provided examples of how I used people’s data on Facebook (previous job roles, friend’s current location, etc.) to pretend I’m a friend from years ago using a fake Facebook ID to obtain data during an authorized penetration test (more on that HERE). It’s critical to know what you have public about yourself and to question anybody that seems fishy. Trust me, it’s better to ask for proof of identity when you don’t know who you are speaking with rather than assume the wrong person is a trusted friend.


Days After a Federal Seizure, Another Type of Ransomware Gains Ground


Nicole Perlroth wrote an interesting post on the New York Times blog about a new type of ransomware and Cisco’s view as it spreads in the wild. The original post can be found HERE.

It has been mere days since federal agents seized control of computer networks used by hackers to infect victims with CryptoLocker, a piece of malware known as “ransomware,” which encrypts the contents of computing devices so hackers can demand a ransom to decrypt it. More on ransomware such as CryptoLocker can be found HERE.

Now security researchers are seeing an influx of another form of ransomware, called Cryptowall.


First Heartbleed, Now A Man-In-The-Middle OpenSSL Encryption Toolkit Vulnerability!


Today the folks at openssl.org published a new vulnerability found in OpenSSL encryption. For those that are not aware, OpenSSL is found on approximately 66% of all websites on the Internet. You can find the official notice on this vulnerability HERE as well as details posted below. This time it’s a known bug and, yet again, we are being told by the OpenSSL team that the remediation is to upgrade to the latest version of OpenSSL using the recently released patches.


Meraki MX60 / MX60W Security Appliance First Look

[Image: Comparing the Meraki MX60 to the Meraki Z1]

Every once in a while I like to do a product review. Next up is the Meraki MX60 (shown above on the left next to the Meraki Z1). The official MX60 data sheet can be found HERE. The MX60 comes with or without wireless capabilities; the MX60W is the wireless model, while the one used in this post is an MX60. Outside of that, both models are the same and considered the low end / home model as shown in the next image.


Using Metasploit To Bypass Anti-Virus Software – Generating and Obfuscating Payloads


I’m often asked “why did my system get infected when I had the latest system updates and anti-virus enabled?” Well, a fundamental concept behind security products is that they can only look for so many things or use so many detection techniques before they must permit traffic. This means your defenses will fail if an attack uses a method that your detection system can’t see or that your scanner does not have an existing signature to scan against. This is why attackers hide exploits using techniques such as obfuscation to bypass security detection.


Splunk Cisco Security App – Expanding Cisco Security With Centralized Reporting and Multi-Vendor Alerting

There are many SIEM solutions available; however, I was extremely impressed with recent innovations from Splunk regarding a free application that can be used to centralize security data from multiple Cisco solutions. By definition, a security information and event monitoring system aka SIEM is typically just that: either a good information sorting tool or a solution that helps identify and react to events.

One of Splunk’s key market differentiators is their extensive application library developed by customers and Splunk engineering. These applications turn the traditional SIEM into a business enabler to meet specific use cases. Splunk has developed Cisco applications in the past; however, it recently face-lifted the Cisco Security Application to include Cisco access control (ISE), email security (ESA), web security (WSA), Cisco firewalls, and even SourceFire (both network and only SIEM as of today to support malware aka AMP). This application can link findings with other vendor data, such as taking ISE context (i.e. Joey’s Windows 7 laptop on port 1/0/14) and matching it to any log captured by Splunk (for example, a McAfee IPS event). This provides a true centralized view of data across a network.


Cisco Announces Intent to Acquire ThreatGRID


Cisco announced this morning they will be acquiring ThreatGRID. ThreatGRID combines advanced malware analysis with deep threat analytics and content that is used to defend against attacks and prevent malware outbreaks. Cisco originally got into the security research market back in 2007 with the acquisition of IronPort, which included a security research division now known as the Security Intelligence Operations aka SIO. Cisco enhanced this research team with the recent acquisition of SourceFire that includes open source projects such as SNORT, ClamAV, etc. ThreatGRID will provide even more research and development around identifying advanced threats as well as complement SourceFire’s malware detection component known as FireAMP. ThreatGRID’s appliances and cloud offerings should improve the overall security vision of preventing attacks before, during and after they happen.

Here is a summary of the announcement, originally found HERE.


Heartbleed bug infographic

The people at IDF Marketing created an infographic covering the recently announced Heartbleed bug. You can find more on IDF Marketing HERE. Check out this overview including a list of popular sites with Heartbleed vulnerability status.


Should Parents Use Apps Like Teen Safe and Mamabear To Monitor and Protect Their Child

Tara Heath provided her thoughts on when to use apps to protect young adults while they are using the internet. 

The internet is a wonderful tool, especially for young adults who are looking for new ways to express themselves, connect with people, and discover their personal interests and talents. The internet isn’t always a safe and helpful place, though. Teens are constantly faced with problems like cyberbullying and connecting with strangers online who aren’t honest about who they are. We’ve all heard horror stories about online predators, and while it’s unlikely that your child will get into a situation where their safety is at risk, it’s important to do everything you can to make sure they feel safe and protected while using technology.
