Welcome guys to another blog of mine, on the topic of “laptop care”. I know it's not our usual cybersecurity-style blog but hey, we need our laptops to be in great shape for us to function.
Taking care of a PC is easier than taking care of a laptop, as a PC sits in one place for almost its entire life, safe and sound from harsh environments and physical movement. A laptop has a very different life: it's always moving from one place or position to another, people place food on it, it withstands wind and sunlight outdoors, etc. You get the point: a laptop, being a portable, all-in-one device, needs special attention.
MangaDex, a site where people can read manga comics, has suffered a cyber attack designed to cause disruption and is down until further notice. They plan to rewrite the full code for security and will use ethical hackers to test it.
In the attack, bad actors gained admin account access by using old session tokens that had leaked earlier. The coders responded by clearing all sessions globally and doing a source code review. But during that time, the same bad actors accessed the site's dev account and stole the latest source code. The attackers updated the site's git repo, claiming to have fixed 2 of 3 CVEs in the site, but the site's devs aren't trusting the claims without verifying them.
The full extent of the attack is unknown, and the site advised users to change the passwords of any accounts that share their MangaDex account password.
Sierra Wireless is a Canadian wireless communications equipment company specializing in IoT. It suffered a ransomware attack in March which had a severe impact on its production environment. Neither the ransomware name nor the cause of the attack has been disclosed. They are currently working with cybersecurity companies like KPMG, Blake, Graydon LLP and Cassels to analyze the incident, harden the system and find the malicious actors responsible.
For now, it has recovered the production environment and is working towards fixing its internal networks. The impact was limited thanks to proper network segregation: the customer section was safe and the only systems affected were the company's own. Because of this, no patches or security updates are needed for its customer products.
Another day, another breach. This time it's the Indian online share/stock trading app Upstox, leading to exposure of sensitive information of 25 lakh users. The actual date of the breach is still unclear, but researcher Rajshekhar Rajaharia was first to report it on 11 April. The exposed data included things like name, DoB, bank info, email address and 56 million KYC records. It mainly happened due to a misconfigured AWS server. This is not news, as many companies, Indian and MNC, have been experiencing increased cyber attacks.
The company has stated that it has hardened its systems and that no money has been moved from any user. As a precaution, users can reset their passwords, enable MFA (if available) and treat each mail as a possible phishing attempt.
Welcome back guys, today let's talk about emails. We can all agree that almost everyone in this digital age has at least 1 email address, and how tightly it's integrated into our lives, be it confidential conversations, device backups, history/private details mine, and what not. So compromising 1 email can give us…
Hello guys, in this article I’ve listed a collection of cheatsheets for digital forensics. It covers forensics topics for smartphone, memory, network, Linux and Windows OS.
These cheatsheets will help digital forensics investigators speed up their work by giving them all the commands and essential information in one place, rather than having to google each and every topic every time.
This is the link to my GitHub repository:
Please Note: I have not actually created these PDFs, I've just compiled them at one location so people can refer to them easily and quickly.
This is a sample forensic report of volatile memory using the tool “FTK Imager Lite by AccessData”. This procedure is used by investigating agencies to log each step in the evidence acquisition process, and the report is presented in court for the hearing.
Scope of Work
On Feb 14, 2019…
ExifTool is developed by Phil Harvey. It is a platform-independent Perl library coupled with a full-featured command-line implementation for reading, writing and manipulating metadata across a broad range of files, particularly images. This metadata may comprise a bunch of information such as the camera make, file type, permissions…