Archive | Malware

CRASHOVERRIDE guidance from NCCIC is confusing at best

After reviewing the awesome Dragos Inc report on CRASHOVERRIDE, Rendition analysts received a similar alert from US-CERT and NCCIC. After reviewing the guidance from NCCIC, we were less than thrilled. The second recommendation from NCCIC (take measures to avoid watering hole attacks) is impossible by its very definition. A watering hole attack first compromises […]

CRASHOVERRIDE – monitor your IT networks (and OT too)

Last week Rendition Infosec founder Jake Williams contributed an article for next month’s issue of Power Grid International magazine.  The article highlights the need for utilities to monitor their IT networks in order to protect their OT networks from compromise.  Today’s release of the excellent CRASHOVERRIDE report by Dragos Inc only reinforces the points Williams’ […]

WannaCry because your organization is slow to patch? Stop the tears with TearSt0pper!

WanaCrypt0r 2.0 has been spreading like wildfire and causing severe impact to individuals and businesses alike. Wcry is not only a crypto-ransomware variant, but also packages a leaked NSA exploit with it (MS17-010), creating a self-propagating ransomware worm. To protect our clients and now the general public, Rendition Infosec has released TearSt0pper. Simply put, TearSt0pper creates […]

WikiLeaks’ Archimedes tool release – the breakdown for business leaders

Yesterday WikiLeaks released documentation on Archimedes, a CIA hacking tool that would allow the CIA to infect computers on a local network. The tool (formerly named “Fulcrum” according to internal documentation) relies on a technique called ARP spoofing to perform Man in the Middle (MitM) attacks against victims. Is this a […]

Observations from the latest DOUBLEPULSAR scans

Rendition Infosec completed a new overnight scan for DOUBLEPULSAR, and the number of infections continues to rise, though only slightly. For liability reasons, Rendition is not performing the vulnerability scan to determine vulnerable hosts. Rendition only communicates with hosts to determine if DOUBLEPULSAR is present on a machine. At this time, Rendition is only scanning for the […]