After reviewing the awesome Dragos Inc report on CRASHOVERRIDE, Rendition analysts received a similar alert from US Cert and NCCIC. After reviewing the guidance from NCCIC, we were less than thrilled. The second recommendation from NCCIC (take measures to avoid watering hole attacks) is impossible by its very definition. A watering hole attack first compromises […]
Archive | Hackers
WanaCrypt0r malware webcast and slides
Hackers MS17-010 VulnerabilitiesLast night, I ran a special webcast for the SANS Institute on the outbreak of the WanaCrypt0r malware. One thing I love about SANS is that we always look out for our students. If huge security news breaks during the day at one of our major conferences, we designate an instructor to do impromptu night sessions. […]
Call to Microsoft to release information about MS17-010
Cyber Attribution Cyber Threat Intelligence Hackers Responsible Disclosure TechnologyAfter delaying the release of Windows updates, Microsoft mysteriously released a patch for a group of vulnerabilities addressed by MS17-010 after canceling Patch Tuesday in February. This patch was released immediately before the release of a set of Windows exploits by the Shadow Brokers hacking group. Although Shadow Brokers purports to have stolen these exploits […]
DOUBLEPULSAR Infections On The Rise
DOUBLEPULSAR Shadow Brokers UncategorizedAs you have probably heard, a group known as the Shadow Brokers released a large cache of Windows tools and exploits. One of the exploits installs a kernel mode implant known as DOUBLEPULSAR. There have been several good articles written on DOUBLEPULSAR already, so I won’t detail repeat that work here. Several of the Windows […]
Corporate Business Impact of Newest Shadow Brokers Dump
Cyber Attribution Cyber Threat Intelligence Hackers Hacktivism Shadow Brokers TableTop Exercises Threat ModelYesterday, the Shadow Brokers released the password for the encrypted zip file they seeded last year (link). This release gives threat intelligence teams unprecedented insight into the capabilities of the Equation Group Hackers. The dump appears to contain only Linux and Unix tools and exploits, so organizations running only Windows don’t need to react to […]
In Your Face – Securing Digital Displays
Digital Displays Hackers Hacktivism Threat ModelOn Monday, a large publicly visible art exhibit in Spain that normally shows projections of modern art displayed pornography for 45 minutes. Per this story (in Spanish), the taxi drivers who viewed the porn while waiting for riders at a nearby train station were thrilled (pun definitely intended), but most people were understandably not happy. The […]