Subscribe

Archive | Cyber Threat Intelligence

Is your antivirus software part of your threat model? Maybe it should be…

Recently we learned that the US Senate was pushing to add language to the National Defense Authorization Act (NDAA) that would prohibit the purchase and use of Kaspersky software anywhere in the DoD.  This is nearly certainly a political move and CyberScoop’s Patrick Howell O’Neill did a great job of covering this story already from […]

CRASHOVERRIDE guidance from NCCIC is confusing at best

After reviewing the awesome Dragos Inc report on CRASHOVERRIDE, Rendition analysts received a similar alert from US Cert and NCCIC.  After reviewing the guidance from NCCIC, we were less than thrilled.  The second recommendation from NCCIC (take measures to avoid watering hole attacks) is impossible by its very definition.  A watering hole attack first compromises […]

Call to Microsoft to release information about MS17-010

After delaying the release of Windows updates, Microsoft mysteriously released a patch for a group of vulnerabilities addressed by MS17-010 after canceling Patch Tuesday in February.  This patch was released immediately before the release of a set of Windows exploits by the Shadow Brokers hacking group.  Although Shadow Brokers purports to have stolen these exploits […]

The “Digital Geneva Convention” – without attribution, it’s smoke and mirrors

Microsoft released their idea of a “Digital Geneva Convention” to help normalize behavior on the cyber battlefield.  The document, linked here, is generally well written and documents the need for a document of its type. The problems start by the second paragraph where a “Digital Geneva Convention” is compared to other non-proliferation treaties, such as those […]

Corporate Business Impact of Newest Shadow Brokers Dump

Yesterday, the Shadow Brokers released the password for the encrypted zip file they seeded last year (link). This release gives threat intelligence teams unprecedented insight into the capabilities of the Equation Group Hackers.  The dump appears to contain only Linux and Unix tools and exploits, so organizations running only Windows don’t need to react to […]

In Your Face – Securing Digital Displays

On Monday, a large publicly visible art exhibit in Spain that normally shows projections of modern art displayed pornography for 45 minutes.  Per this story (in Spanish), the taxi drivers who viewed the porn while waiting for riders at a nearby train station were thrilled (pun definitely intended), but most people were understandably not happy.  The […]

Wikileaks and the Marble Framework

This week, Wikileaks released CIA’s Marble framework.  As Rendition Infosec works with many organizations on security and threat intelligence, we have been fielding calls asking what the release means for businesses. WikiLeaks suggests that the Marble framework can be used to confuse analysts into attributing CIA malware to Russia or China.  Many of our customers […]