Today, Bloomberg published an article claiming that at least some Super Micro motherboards contained hardware backdoors. While we don’t have any inside information, we’ve been fielding several calls from clients about actions they should take and wanted to expand our thoughts on this outside our existing customer base. To begin, it’s important to note that […]
Archive | Cyber Threat Intelligence
Should Antivirus software be part of your threat model?
Antivirus Cyber Threat Intelligence Kaspersky Software Supply Chain Threat ModelShould Antivirus (AV) software be part of your threat model? Strictly speaking, yes it probably should be. AV is potentially dangerous to an organization and should be tested thoroughly before being deployed. As argued in the recent WSJ article about Kaspersky (note that the article is behind a pay wall), AV software could threaten the […]
Equifax Breach – Early lessons learned and six point action plan
C-Suite Cyber Threat Intelligence Network Monitoring Penetration Testing Security Monitoring TableTop Exercises Technology Threat Model Web Application Penetration TestingIn this post, we’ll discuss a few early lessons learned from the Equifax breach announced yesterday. We’ll also recommend a six point plan to avoid becoming “the next Equifax” based on what we know today about the breach. Rendition is in no way involved with the breach assessment for Equifax and we have no inside […]
The need for cyber security in law firms
Cyber Threat Intelligence Law Firms Network Monitoring Threat ModelAn interesting article came through our feed today mentioning the need for cyber security in law firms. As an information security company that works with law firms, we couldn’t agree more. The article makes a number of points, but leaves a couple of critical things out, and we’d like to cover those here. It’s worth […]
The need for dump analysis in Cyber Threat Intelligence (CTI)
Cyber Threat Intelligence Shadow Brokers Threat Model WikiLeaksOver the last year, there have been numerous dumps of stolen classified data posted on the Internet for all to see. The damage from these dumps has obviously been huge to the US intelligence community. In this post, we won’t discuss the actual damage of the dumps to the intelligence community (many others have already […]
Software plugins/extensions should be part of your threat model
Cyber Threat Intelligence Security Monitoring Software Supply Chain Threat ModelOver the last few months we’ve seen multiple cases of warnings about plugins and extensions for various software packages threatening the security of users. We’ve recently seen the Copyfish and and Web Developer Chrome plugins compromised and used to push malware to users. While Chrome is likely safe and should probably not be considered a […]
Honestly evaluating the Kaspersky debate
Antivirus Cyber Threat Intelligence Kaspersky Threat ModelRendition Infosec is a zero-FUD (fear, uncertainty, and doubt) firm. We pride ourselves on offering balanced, honest views to our clients and the general public. So far, Rendition has posted on the Kaspersky debate twice. In the first post, Rendition educated the public on why a software audit would not address the fears raised by […]
Is your antivirus software part of your threat model? Maybe it should be…
Antivirus Cyber Threat Intelligence Kaspersky Threat ModelRecently we learned that the US Senate was pushing to add language to the National Defense Authorization Act (NDAA) that would prohibit the purchase and use of Kaspersky software anywhere in the DoD. This is nearly certainly a political move and CyberScoop’s Patrick Howell O’Neill did a great job of covering this story already from […]
CRASHOVERRIDE guidance from NCCIC is confusing at best
CRASHOVERRIDE Cyber Threat Intelligence Hackers Malware NCCICAfter reviewing the awesome Dragos Inc report on CRASHOVERRIDE, Rendition analysts received a similar alert from US Cert and NCCIC. After reviewing the guidance from NCCIC, we were less than thrilled. The second recommendation from NCCIC (take measures to avoid watering hole attacks) is impossible by its very definition. A watering hole attack first compromises […]
Call to Microsoft to release information about MS17-010
Cyber Attribution Cyber Threat Intelligence Hackers Responsible Disclosure TechnologyAfter delaying the release of Windows updates, Microsoft mysteriously released a patch for a group of vulnerabilities addressed by MS17-010 after canceling Patch Tuesday in February. This patch was released immediately before the release of a set of Windows exploits by the Shadow Brokers hacking group. Although Shadow Brokers purports to have stolen these exploits […]