DFIR

Hello All. I had the honor of speaking at the 2024 AtlSecCon Conference in Halifax this past week. What an amazing event. Shout out to the organizers, attendees and sponsors. I had a blast. I delivered a talk on Live Incident Response as part of DFIR. I promised attendees I would post my slides and cheat sheet. Please see below:

Please feel free to reach out if you have any questions.

Read more

Hello All. Most of you know who Malwarebytes is, endpoint product used to protect against malware. Many in the industry say is one of the best consumer products our there when compared to others like McAfee or Norton. In some unfortunate news, it looks like they may have suffered a cyber-breach similar in nature to that of the SolarWinds attack.

“Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn’t use any of SolarWinds software in its internal network. Instead, the security firm said the hackers breached its internal systems by exploiting an Azure Active Directory weakness and abusing malicious Office 365 applications. Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15. At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, also known in cyber-security circles as UNC2452 or Dark Halo.”

“After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails,” said Marcin Kleczynski, Malwarebytes co-founder and CEO.

Given the same threat actor that breached SolarWinds moved to weaponize the company’s software by inserting the Sunburst malware into some updates for the SolarWinds Orion platform, Malwarebytes has indicated that they have also performed a very thorough audit of all their products and associated source code, searching for any signs of a similar compromise or past supply chain attack.

“Our internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments. Our software remains safe to use,” Kleczynski added.

To read the statement from Marcin Kleczynski – visit http://bit.ly/2M8GVO0

Read more

Hello All. Again we see that basic cybersecurity hygiene such as the use of default passwords has again slipped the minds of another well-respected company. It seems as though Nissan North America, yes the same Nissan that manufacture cars and SUVs we know such as the Maxima and the Pathfinder have leaked source code online from a misconfigured Git server.

The leaked included 20GB of source code for the following applications:

  • Nissan NA Mobile apps
  • Components of the Nissan ASIST diagnostics tool
  • Dealer Business Systems / Dealer Portal
  • Nissan internal core mobile library
  • Nissan/Infiniti NCAR/ICAR services
  • Client acquisition and retention tools
  • Sales / market research tools and data
  • Nissan vehicle logistics portal
  • Vehicle connected services / Nissan connect things

The leak originated from a Git server that was left exposed on the internet with its default username and password combo of admin/admin.

Contents of the Torrent file “nissan-na-gitdump-EXCONFIDENTIAL”:

A post on a hacker forum explaining what happened:

Nissan was quoted following the breach in saying, “Nissan conducted an immediate investigation regarding improper access to proprietary company source code. We take this matter seriously and are confident that no personal data from consumers, dealers or employees was accessible with this security incident. The affected system has been secured, and we are confident that there is no information in the exposed source code that would put consumers or their vehicles at risk.”

This only proves that simple cybersecurity hygiene could be the difference between retaining your intellectual property or losing it to thieves. In the case of Nissan, even if they fix the problem and investigate further, the damage is already done with source code up on torrent sites.

Read more