According to experts at ESET, the Windows zero-day vulnerability CVE-2019-1132 was exploited by the Buhtrap threat group in a targeted attack aimed at a government organization in Eastern Europe.
Category: Dfir
New version of FinFisher spyware used to spy on iOS and Android users in 20 countries
Malware researchers from Kaspersky have discovered new and improved versions of the FinFisher spyware, able o infect both Android and iOS devices. According to the experts, the new versions have been active at least since 2018, one of the samples analyzed was used last month in Myanmar, where local government is accused of violating human […]
‘Agent Smith’ malware has infected Android apps on 25 million devices
According to security firm Check Point, a newly discovered Android malware that replaces portions of apps with its own code has infected more than 25 million devices.
How to convert a Windows SFS (Dynamic Disks) partition to regular partition for forensic analysis
Yes, the answer is 42! 🙂
Windows Security Event Logs: my own cheatsheet
During a forensic investigation, Windows Event Logs are the primary source of evidence.Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artifacts, but a deep knowledge of events IDs is mandatory.