Archive by Author

Equifax Breach – Early lessons learned and six point action plan

In this post, we’ll discuss a few early lessons learned from the Equifax breach announced yesterday.  We’ll also recommend a six point plan to avoid becoming “the next Equifax” based on what we know today about the breach. Rendition is in no way involved with the breach assessment for Equifax and we have no inside […]

Five steps to prepare for a ransomware attack

Like many information security firms, Rendition Infosec has worked many ransomware attacks over the last several years.  If you’re reading this post, you probably know about the obvious things you can do to prepare for a ransomware event.  We often talk about having good backups (and testing them).  We also know that most ransomware is […]

The need for dump analysis in Cyber Threat Intelligence (CTI)

Over the last year, there have been numerous dumps of stolen classified data posted on the Internet for all to see.  The damage from these dumps has obviously been huge to the US intelligence community.  In this post, we won’t discuss the actual damage of the dumps to the intelligence community (many others have already […]

Software plugins/extensions should be part of your threat model

Over the last few months we’ve seen multiple cases of warnings about plugins and extensions for various software packages threatening the security of users.  We’ve recently seen the Copyfish and and Web Developer Chrome plugins compromised and used to push malware to users. While Chrome is likely safe and should probably not be considered a […]

An important consideration for “bug bounty” programs

The US DoJ recently released guidance on running vulnerability disclosure programs (aka bug bounties).  The document is nothing earth shattering, but does provide some free advice to organizations considering such programs. Rendition’s advice to organizations considering a bug bounty program? Think VERY carefully about how it will impact your monitoring and detection strategies. People looking […]

Is Kaspersky “inappropriately removing” files?

In a Reuters article yesterday, former FBI employees commented on the case investigating Kaspersky and reported a serious allegation against the Russian antivirus giant. According to the article: Two former employees and a person briefed on the FBI case told Reuters that Kaspersky software has at times inappropriately inspected and removed files from users’ machines […]

Is your antivirus software part of your threat model? Maybe it should be…

Recently we learned that the US Senate was pushing to add language to the National Defense Authorization Act (NDAA) that would prohibit the purchase and use of Kaspersky software anywhere in the DoD.  This is nearly certainly a political move and CyberScoop’s Patrick Howell O’Neill did a great job of covering this story already from […]