One of the most exciting parts of the BCAware conference was getting to meet Brian Krebs live in person!
During his talk he shared some interesting topics such as how
cyber criminals are using websites similar to https://haveibeenpwned.com/
Except, that these “other” websites will actually list out
the users leaked password(s) in plaintext. And, with this method attackers can
now attack various social media, banking and other commonly used services
online to possibly find valid emails/passwords to accounts.
Another topic was related to how cyber criminals determine how much money to ask for during a
ransomware attack. The typical amount seems to point at about 10% of total
revenue a business makes from the previous year. This way, they do not ask for
too much or too little. It gets close to an amount that the organization can
afford, and finds would be cheaper than to recover from backups or rebuilding
the environment.
After reading the Equifax breach report released by U.S. House of Representatives Committee on Oversight and Government Reform. This would be a great post to summarize and list out key items that went wrong in the Equifax breach. Hopefully, it will lead to a wake up call for other companies in order to better their own information security.
Security Representative on the Core team
It’s highly important to have someone that understands information security on your core team. Many times, the task gets pushed to the Legal or IT team core team members. This is one of the reasons that led to the breach. IT operational tasks and security tasks need to fall under a specific leader. Ideally, someone that understand security and not just IT. In Equifax’s case, security was represented by the IT team core member. However, their views were not in line with the security team leader. Therefore, something that may be of risk may not reach the CEO’s level and will get missed. However, Read The Full Post
One of the biggest news items around recently has been the NCIX Breach. I was notified of it through a colleague prior to the media finding out about it through the following blog –> (https://www.privacyfly.com/articles/ncix_breach/). The blog details events that took place where a person uncovered hard drives left by the now bankrupt NCIX computer retailer. The warehouse housing these drives, and left over computers that belonged to NCIX were being sold off by the warehouse landlord. The information based off privacyfly’s blog seems to point towards the landlord illegally selling the data on the drives to recuperate lost rent. The big question here is how NCIX, or the team taking care of their assets after bankruptcy could allow this information to be sold. And, this also goes to show how NCIX has very weak security procedues in place to safeguard their most vital data (customer and employee data). Read The Full Post
Cellebrite (https://cellebrite.com) is an Israeli company that specializes in mobile forensics.
They have created a well known product that is called Universal Forensic Extraction Device (UFED). This tool basically can extract data from most mobile devices. They are able to also unlock mobile devices with a passcode. I have used a much older version of this tool in the past. You may see the catch the details in my Research Project here –> https://www.stealthbay.com/hardening-mobile-phone-devices/
What was taken
Based off a popular website called “Motherboard” who first posted about this breech. Cellebrite has lost over 900GB worth of data. Now, that is a lot of information and data that was taken. My assumption is that a lot of the data is related to tools and software made use of for forensic investigations. (more…)
Teamviewer is a fairly popular application used to gain remote access to machines.
Many use it to help other users troubleshoot their computer issues.
I personally avoid these types of applications as there are added security risks and concerns.
Teamviewer went down about a month ago which impacted every Teamviewer user on a global scale.
Many people at that time thought Teamviewer had been breached or hacked.
I was alerted about the issue through a friend the same day.
The twitter feed for teamviewer was hit hard by angry users. And as I started to noticed right away many businesses rely heavily on TeamViewer to run their day to day operations. (more…)
My name is Harry Taheem
I am a Cyber Security Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like StealthBay to be a place where IT users can find some form of knowledge and education. And, hopefully I can learn a few new things from other users as well who also wish to share their own experiences and knowledge.