It was one Friday afternoon in June 2015. Office workers were chatting about sport news and happy hours that night. A sudden phone call changed the happy mood altogether. A Client was under cyber attack and the website got defaced by a (in)famous hacking team. The Client's big boss was very worried and he needed to know the impact of the cyber attack, the root cause and the prevention measures RIGHT NOW.

The nightmare story goes like this - a recently discovered critical flaw resides in a core Android component called "Stagefright," a native Android media playback library used by Android to process, record and play multimedia files. Recently security researchers have found that there are several ways to hack millions of Android phones by exploiting the Stagefright vulnerability.

PCI DSS Penetration Testing Guidance was released in March 2015. It intends to be prescriptive for the internal and external penetration testers (or pen testers for short). If the guidance intends to help answer the question whether we are compliant, then it achieves its aim. If the guidance intends to help answer the question whether we are secure, then we are facing several challenges.

Digital Forensics, Anti-Forensics, and Anti-Anti-Forensics

(A) Digital Forensics

Digital forensics aims to investigate various digital issues of unauthorized access, data breach, theft of intellectual property, unauthorized use of company resources, and so on.

To achieve these aims it is necessary to preserve evidence data in original state, then to image such data for analysis and reporting in a court admissible format.

Lessons Learned from SCADA Malware Attacks

Stuxnet, Duqu and Flame are high-profile malware attacking industrial control systems and related supervisory control and data acquisition (SCADA) systems. From these lessons learned on how they attack and affect the systems we try to gain more understanding of SCADA cybersecurity measures.

Firmware modifications attack (Cui, Costello and Stolfo, 2013) was researched before. The way of a massive attack on hard disk firmwares like this scale has not been fully understood. This paper intends to explore potential ways to handle the scenario.