Are you Shellshock’d? {bashbug}

By: Kyle Cavalieri

Are-You-Shell-Shocked-DIGITS-LLCOn September 25, 2014, a new vulnerability that affects most versions of Linux and Unix operating systems, which includes Mac OS X, was discovered. According to security researchers, given the reach of the Bash itself and combined with the sheer volume of devices and application that rely on the Bash, Shellshock is likely going to be larger than the Heartbleed vulnerability that was identified earlier this year. If Shellshock is exploited successfully, the vulnerability could allow an attacker to gain control over a targeted computer.

Bash is a common component of Unix and Linux systems and is commonly referred to as ‘shell.’ Bash acts as a mechanism for the user to instruct the operating system what to do. The vulnerability lies in the fact that an attacker can imbed malicious code into application code that require Bash to execute. At this time, the most critically vulnerable systems are Web servers running the aforementioned OS’s. Although, non-Web servers are also vulnerable, specific conditions need to be in place in order for an attacker to gain control. Imbedded systems that are running Bash that are Internet facing, such as surveillance systems, routers, conferencing and IP based phone systems may also be vulnerable and should be inspected appropriately.

Once the targeted system has been exploited, the attacker can extract password lists off the system and use those passwords to move laterally within the network to gain access to other systems with the company’s production environment.

Due to the wide spread nature of this vulnerability, cyber security companies, like DIGITS LLC, are able to detect whether your systems are currently vulnerable to this latest threat. Contact a cyber security specialist today for more information.

www.digitsllc.com

DIGITS LLC

Flappy Bird Fake Versions Popping Up on Android Market

Flappy Bird

Be alerted, your child’s most recent favorite mobile game “Flappy Bird” has been pulled from the market by it’s developer, Doug Nguyen.  Since the original version has been pulled down from the market, malicious versions of this app have been created and added to the Android market to potentially exploit users.

These fake versions of “Flappy Bird” have been known to send messages to premium numbers, causing unwanted charges to your phone billing statements.  An article published by CNET further describes the vulnerability of the fake versions of this game and talks to various security experts about the impact that the malicious versions have made.  Click the link to read CNET’s article titled “Squawk! Flappy Bird fakes are hatching Android malware.”

Vulnerability Assessment in Response to Cyber Attacks

Vulnerability Assessment - web

DIGITS LLC offers a complete suite of vulnerability assessment services that enable companies to identify critical security threats.

DIGITS LLC’s President and CEO, Michael McCartney, explains that “Congressman Chris Collins, Chairman of the Small Business Subcommittee on Health and Technology, outlined statistics that show that nearly 60 percent of small businesses will close within months after a cyber-attack. A recent report shows nearly 20 percent of all cyber-attacks are targeting small firms with less than 250 employees.”

In response to this alarming trend, DIGITS LLC released a complete suite of vulnerability assessment services that assist companies to identify critical security threats that may expose their data to an unauthorized third party.

McCartney continues to explain “Many companies are poorly equipped to take on the task of identifying their infrastructure pain-points and therefore, find themselves at a high risk for cyber-attacks and data breach.”

DIGITS LLC’s experts leverage their decades of information technology, computer security and investigative experience to assist their clients in identifying security vulnerabilities and help them develop a road map for remediating those threats.  DIGITS LLC provides a 3rd party security assessment and validation that follows a proven methodology and leverages industry best practices.  These types of assessments also reduce unauthorized access, data exfiltration and data manipulation as well as assist companies to comply with regulations such as PCI DSS, HIPAA / HITECH and NIST.

Examples of the services provided include: External Network Perimeter Vulnerability Assessment, Internal Network Vulnerability Assessment, Active Directory Reviews, WLAN Assessments, VoIP Assessments, OS Patch Management Assessment, Device Configuration Management Review, and Source Code Review of Company Developed Applications.

Additional information about DIGITS LLC’s Vulnerability Assessment Services can be found at http://www.digitsllc.com/vulnerability-assessment.

Law Firms & CPA Firms Target of Organized HACKERS

Law Firms, CPA Firms, and other professional service organizations are becoming the latest targets for organized hackers to attack.  These industries all have something in common that is drawing hackers to them like a magnet; sensitive client information.

In November of 2009, the Federal Bureau of Investigation (FBI) issued their first official warnings concerning spear phishing E-mails targeting U.S. law firms and public relations firms.  The FBI stated in that warning that they had “assessed with high confidence that hackers are using spear phishing e-mails with malicious payloads to exploit U.S. law firms and public relations firms.”  Since then, we have seen a dramatic increase in successful compromises of these firms as well as CPA firms.  (To read the full FBI warning visit http://www.fbi.gov/scams-safety/e-scams/archived_escams)

According to Help Net Security, 80 major law firms were hacked in 2011. The article titled “Law Firms Get Hacked For Deal Data” explains that the hackers used a common tactic to gain access into the law firms’ data.  (http://www.net-security.org/secworld.php?id=12318)

Hackers have become very sophisticated. Continue reading

WARNING: Windows Phone Scam

Last night, an associate from DIGITS LLC received a phone call on his home phone from a number that he did not recognize.  The 510 area code threw him off a bit but he thought that this caller might be from an out of country friend…  The phone call ended up being from a cyber-crook foe.

The attack came from this phone number: 510 943 3040

The individual on the other line claimed to be from Windows.  This person said that they found a bug on the users’ Windows computer and continued to attempt to instruct the steps to allow remote access to the computer.  We knew right away that this was a scam.  First of all, there aren’t any Window’s machines within the facility, and second, Windows would never call a home phone asking for remote access.

DIGITS LLC is well trained to be aware of a situation like this, but many of our friends and family might not know the difference of a scam phone call.  These cyber scammers are looking to obtain personal information including usernames, passwords, and banking information.  The DIGITS LLC associate also mentioned that in the background  he could hear multiple conversations of the same matter.   This is our attempt to warn you, please pass on to all of your colleagues and STAY SECURE!

VOTE DIGITS LLC Social Madness- Buffalo Small Business

DIGITS LLC is participating in the Buffalo Business First Social Madness Competition!

Rather, 60-plus Western New York companies are vying for your social media “votes” as they compete in Social Madness, a national competition run by Business First’s parent company, American City Business Journals.

Those competing in Social Madness will earn points for gaining Facebook likes, Twitter followers, LinkedIn connections and votes through bizjournals.com.

Please be sure to Vote for DIGITS LLC under Buffalo – Small Business.  Also, please be sure to Like DIGITS LLC on Facebook, Follow DIGITS LLC on Twitter, and Follow DIGITS LLC on LinkedIn.

Continue reading

Wrapping Your Arms Around e-Discovery

Overview

 As anyone who has been involved in litigation within the past 10 years can attest, eDiscovery has the potential of consuming a case in at least two ways. First, depending on the level of civility and collaboration between adversaries and the amount of Electronically Stored Information (“ESI”) the parties possess, the costs of production and related motion practice can dwarf those related to litigation on the merits. Second, allegations of spoliation and who failed to preserve ESI can quickly overshadow all other aspects of the case.

Seven Steps to Cost-Savings and Efficiency

 As anyone who has been involved in litigation within the past 10 years can attest, eDiscovery has the potential of consuming a case in at least two ways. First, depending on the level of civility and collaboration between adversaries and the amount of Electronically Stored Information (“ESI”) the parties possess, the costs of production and related motion practice can dwarf those related to litigation on the merits. Second, allegations of spoliation and who failed to preserve ESI can quickly overshadow all other aspects of the case.

  Continue reading

DIGITS LLC to be featured on News Station WIVB Channel 4

Michael McCartney, CEO/President of DIGITS LLC, will be featured on WIVB Buffalo Channel 4 News Station on Monday, May 14th at 5:00 p.m.  Tune in to find out more about Digital Forensics!

About DIGITS LLC

DIGITS LLC was founded in 2006 to fill the need in the legal and corporate communities for highly skilled Digital Forensics and data recovery services, Corporate Investigations, Litigation Support Services, Network Security Advisory Services, and general Computer Forensic and Consulting Services.

Michael McCartney, James Domres

DIGITS LLC’s officers have over 115 years of combined federal and state law enforcement experience and decades of experience as leaders in Computer Forensics and advanced technology investigations.  Headquartered from Western New York, our core business is designed to help our clients take full advantage of today’s information technologies while guarding against the ever-changing threats posed by those very technologies.

DIGITS LLC | Digital Forensics Video Case Studies

Experts at DIGITS LLC use digital forensics to obtain evidence when litigation occurs.  It is important to ensure that the electronic evidence is not disturbed by an in-house IT department or other resource before the data is collected and the devise is wiped clean of any information.  Once the data is collected, DIGITS LLC’s computer forensic experts will preserve then process the data.  Digital forensics can be used proactively to mitigate and manage digital processes occurring when laptops, desktops and cell phones are distributed for business purposes.

DIGITS LLC have put together video segments explaining just a segment of the digital forensic services we provide through different case studies.  Click on each of the links below to see how computer forensics can help you!

Digital Forensic Video Case Studies:

Digital Forensics to Solve Sexual Harassment Cases
Digital Forensics to Solve Corporate Espionage Lawsuits
Digital Forensics to Solve Theft of Intellectual Property Cases
Digital Forensics to Solve Workers Compensation Lawsuits
Digital Forensics to Recover Deleted Data
Digital Forensics to Solve Cases Regarding Removal of External Storage

For any additional information about Digital Forensics or the services that DIGITS LLC provides, please email info@digitsllc.com