New Destructive Iranian Cyberattack – “Dustman”

News of a new destructive cyberattack targeting Saudi interests was published on January 7, 2020. The attack, likely from the government of Iran, took place in the Kingdom on December 29, 2020. The Saudi National Cybersecurity Authority published a technical analysis of the malware, Dustman, that was used for file wiping. In this video, we […]

Updating The Iranian Cyber Threat Assessment

In this video, Rendition founder Jake Williams (@MalwareJake) and Brandon McCrillis (@13M4C) discuss how the launch of ballistic missiles from Iran into Iraq changes the cyber threat picture. In short, we don’t think much has changed. It is possible that the risk from hacktivists not controlled or directed by the Iranian government has increased, but […]

Assessing the Iran Cyber Threat

At Rendition Infosec, we’ve fielded a number of calls from clients asking about the Iranian cyber threat in the wake of the Soleimani killing. In this video, we walk through likely targeting as well as action steps you can take to respond to the threat. It should go without saying, but any assessments made are […]

Should Antivirus software be part of your threat model?

Should Antivirus (AV) software be part of your threat model?  Strictly speaking, yes it probably should be.  AV is potentially dangerous to an organization and should be tested thoroughly before being deployed. As argued in the recent WSJ article about Kaspersky (note that the article is behind a pay wall), AV software could threaten the […]

Equifax Breach – Early lessons learned and six point action plan

In this post, we’ll discuss a few early lessons learned from the Equifax breach announced yesterday.  We’ll also recommend a six point plan to avoid becoming “the next Equifax” based on what we know today about the breach. Rendition is in no way involved with the breach assessment for Equifax and we have no inside […]

The need for cyber security in law firms

An interesting article came through our feed today mentioning the need for cyber security in law firms.  As an information security company that works with law firms, we couldn’t agree more.  The article makes a number of points, but leaves a couple of critical things out, and we’d like to cover those here.  It’s worth […]

The need for dump analysis in Cyber Threat Intelligence (CTI)

Over the last year, there have been numerous dumps of stolen classified data posted on the Internet for all to see.  The damage from these dumps has obviously been huge to the US intelligence community.  In this post, we won’t discuss the actual damage of the dumps to the intelligence community (many others have already […]

Software plugins/extensions should be part of your threat model

Over the last few months we’ve seen multiple cases of warnings about plugins and extensions for various software packages threatening the security of users.  We’ve recently seen the Copyfish and and Web Developer Chrome plugins compromised and used to push malware to users. While Chrome is likely safe and should probably not be considered a […]

Honestly evaluating the Kaspersky debate

Rendition Infosec is a zero-FUD (fear, uncertainty, and doubt) firm.  We pride ourselves on offering balanced, honest views to our clients and the general public. So far, Rendition has posted on the Kaspersky debate twice.  In the first post, Rendition educated the public on why a software audit would not address the fears raised by […]

Is your antivirus software part of your threat model? Maybe it should be…

Recently we learned that the US Senate was pushing to add language to the National Defense Authorization Act (NDAA) that would prohibit the purchase and use of Kaspersky software anywhere in the DoD.  This is nearly certainly a political move and CyberScoop’s Patrick Howell O’Neill did a great job of covering this story already from […]

Your cart
subtotal:
$0.00

This will be copy area - something to the effect of estimated ship time if applicable

CONFIDENTIAL

Rendition's advanced courses contain the latest in information security knowledge. Please contact us for more information.

This page has proprietary information in it, please contact us for more information.