By Aimei Wei, Chief Technical Officer (CTO) and Founder Network detection and response (NDR) has a long history, evolving out of network security and network traffic analysis (NTA). The historical definition of network security is to use a perimeter firewall and Intrusion Prevention System (IPS) to screen traffic coming into the network, but as IT technology and security technology have evolved due to modern attacks leveraging more complex approaches, the definition is much broader now….

A ransomware attack is likely the cause of the recent downtime for TV stations owned by the Sinclair Broadcast Group broadcast television company. TV stations owned by the Sinclair Broadcast Group went down over the weekend officially due to technical issues, but some media [1,2] reported that it was a victim of a ransomware attack. The alleged attack compromised the Sinclair internal corporate network, the broadcasting systems of TV stations, email servers, and phone services…

A hacker from Michigan who stole and sold the sensitive data of tens of thousands of University of Pittsburgh Medical Center (UPMC) employees has been sent to prison.  Former Federal Emergency Management Agency (FEMA) IT specialist Justin Sean Johnson pleaded guilty on May 20 to counts 1 and 39 of a 43-count indictment. The court heard that the 30-year-old former resident of Detroit admitted infiltrating and hacking into the UPMC’s human resources server database in 2013 and…

INTRODUCTION For law enforcement, finding and dealing with Apple devices in the field can create confusion and headaches without first understanding some critical differences between Operating systems (HFS+, APFS and Windows file systems). With digital forensic professionals seeing more Mac laptops and other Apple devices more often, we created this guide to identify a few challenges that law enforcement and digital investigators may encounter and provide solutions and best practices for tackling these obstacles both…

A cyber-attack on the vendor of a network of dental practices may have exposed the data of tens of thousands of patients.  A cyber-criminal used a phishing attack to gain access to the computer systems of North American Dental Management between March 31 and April 1, 2021. Pittsburgh-based North American Dental Management provides administrative and technology support services for Professional Dental Alliance (PDA) offices. Following the security breach, PDA notified patients that an unauthorized individual may have…

TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. The gang support other cybercrime groups such as known Hive0105, Hive0106 (aka TA551 or Shathak), and Hive0107, supporting them in expanding their malware campaigns. “As of mid-2021, X-Force observed ITG23 partner with two additional malware distribution…