Delivering training on Incident Response and Computer Forensics

I’m writing this post while seated on a train going from Birmingham’s International Airport to Banbury, a small town located in the heart of Oxfordshire. It’s only a 40-minute trip but I really enjoy it, especially if I have a good album to listen to (like that of The Script I’m listening to now), some coffee and the nice view of the English countryside I can see through the window right now.

I come to Banbury very often, like once every two or three months, most of the time to hold meetings with my team colleagues, to support ISO 27001 audits or to conduct onsite assessments. None of those is the main purpose of my visit this time. After delivering a new one-day session on Incident Response and Computer Forensics at my employer’s European offices in Leiden (the Netherlands), Bochum (Germany) and Warrington (UK), it’s now Banbury’s turn.


A follow up on the Indian embassy issue

It’s been a busy two weeks trying to put together the training material I’ll be using to teach Incident Response and Computer Forensics to some of my colleagues in other geographies across Europe, Asia and Australia, and that will kick off in Leiden in approximately 10 days. Meanwhile, the latest news about the Indian embassy reported earlier on this blog spread quickly on the Internet.

Many sites reported on the issue, from antivirus vendors to security professionals’ blogs and online magazines. Whilst most of them just echoed what others said, some shed more light on it by posting some interesting notes, and only a few did an in-depth analysis worthy of mention, the most relevant being:


Embassy of India in Spain found serving remote malware through iFrame attack

Hacking an embassy’s website to use it as a malware distribution point is not something new, and neither is the use of the iframe injection attack, but the number of infected sites out there is still surprising.

Earlier this morning I was alerted to this problem by a colleague who was trying to access www (dot) embajadaindia (dot) com to sort out some paperwork related to my employer’s offices in India. When he tried to load the site, the Desktop Antivirus displayed the following pop-up alert:

Sophos Alert - www (dot) embajadaindia (dot) com

The alert description is fairly self-explanatory,