Super Micro Hardware Backdoors

Today, Bloomberg published an article claiming that at least some Super Micro motherboards contained hardware backdoors. While we don’t have any inside information, we’ve been fielding several calls from clients about actions they should take and wanted to expand our thoughts on this outside our existing customer base. To begin, it’s important to note that […]

Should Antivirus software be part of your threat model?

Should Antivirus (AV) software be part of your threat model?  Strictly speaking, yes it probably should be.  AV is potentially dangerous to an organization and should be tested thoroughly before being deployed. As argued in the recent WSJ article about Kaspersky (note that the article is behind a pay wall), AV software could threaten the […]

Equifax Breach – Early lessons learned and six point action plan

In this post, we’ll discuss a few early lessons learned from the Equifax breach announced yesterday.  We’ll also recommend a six point plan to avoid becoming “the next Equifax” based on what we know today about the breach. Rendition is in no way involved with the breach assessment for Equifax and we have no inside […]

The need for cyber security in law firms

An interesting article came through our feed today mentioning the need for cyber security in law firms.  As an information security company that works with law firms, we couldn’t agree more.  The article makes a number of points, but leaves a couple of critical things out, and we’d like to cover those here.  It’s worth […]

The need for dump analysis in Cyber Threat Intelligence (CTI)

Over the last year, there have been numerous dumps of stolen classified data posted on the Internet for all to see.  The damage from these dumps has obviously been huge to the US intelligence community.  In this post, we won’t discuss the actual damage of the dumps to the intelligence community (many others have already […]

Software plugins/extensions should be part of your threat model

Over the last few months we’ve seen multiple cases of warnings about plugins and extensions for various software packages threatening the security of users.  We’ve recently seen the Copyfish and and Web Developer Chrome plugins compromised and used to push malware to users. While Chrome is likely safe and should probably not be considered a […]

Honestly evaluating the Kaspersky debate

Rendition Infosec is a zero-FUD (fear, uncertainty, and doubt) firm.  We pride ourselves on offering balanced, honest views to our clients and the general public. So far, Rendition has posted on the Kaspersky debate twice.  In the first post, Rendition educated the public on why a software audit would not address the fears raised by […]

Is your antivirus software part of your threat model? Maybe it should be…

Recently we learned that the US Senate was pushing to add language to the National Defense Authorization Act (NDAA) that would prohibit the purchase and use of Kaspersky software anywhere in the DoD.  This is nearly certainly a political move and CyberScoop’s Patrick Howell O’Neill did a great job of covering this story already from […]

Corporate Business Impact of Newest Shadow Brokers Dump

Yesterday, the Shadow Brokers released the password for the encrypted zip file they seeded last year (link). This release gives threat intelligence teams unprecedented insight into the capabilities of the Equation Group Hackers.  The dump appears to contain only Linux and Unix tools and exploits, so organizations running only Windows don’t need to react to […]

In Your Face – Securing Digital Displays

On Monday, a large publicly visible art exhibit in Spain that normally shows projections of modern art displayed pornography for 45 minutes.  Per this story (in Spanish), the taxi drivers who viewed the porn while waiting for riders at a nearby train station were thrilled (pun definitely intended), but most people were understandably not happy.  The […]

Your cart
subtotal:
$0.00

This will be copy area - something to the effect of estimated ship time if applicable

CONFIDENTIAL

Rendition's advanced courses contain the latest in information security knowledge. Please contact us for more information.

This page has proprietary information in it, please contact us for more information.