“Intelligence” is an overloaded concept in that the term may refer to a variety of items, actions, and deliverables. Attempts to define intelligence have existed for decades, and for a seemingly direct concept lead to extended discussion. As such, relatively new variations of this concept, such as “cyber threat intelligence” Read more
Computer science and particularly information security stories can occasionally “color” more general discourse, such as rampant speculation of cyber components of recent conflicts. But rarely do highly technical items reach true “escape velocity” to inundate popular media. The past few days have observed just this phenomenon with Anthropic’s announcement of Read more
A core part of my teaching at Paralus is guiding attendees towards mechanisms of fusing internal telemetry and understanding with external data sources and feeds to arrive at a more robust understanding of threat actor operations and behaviors. This perspective is reflected in my work on intelligence production and development Read more
The United States’ Cybersecurity and Infrastructure Security Agency (CISA) launched a campaign roughly aligned with Russia’s horrific invasion of Ukraine in 2022 called “Shields Up.” At its core, “Shields Up” was designed as a set of relatively straightforward security best practices to prepare for expected increases in threat actor operations. Read more
I recently came across a job posting for a cyber threat intelligence (CTI) analyst position. Given recent issues in the CTI marketplace with many individuals finding themselves in need of new roles, this at first glance appeared an excellent opportunity to pass on to those looking for work. However, with Read more
Information security space observers may have encountered a phrase born out of both frustration and levity in 2023: “Hot Zero Day Summer.” While nearly two months remain as of this writing for Summer 2023, anecdotal evidence suggests that adversaries increasingly leverage vulnerabilities in external-facing applications and appliances to drive intrusions. Certainly, other Read more
While the end of 2020 was dominated by Nobelium’s supply chain intrusions, 2021 closes with continued worry and response over vulnerabilities in the widely-deployed Log4j library. Starting in earnest on 10 December 2021 with public disclosure of CVE-2021-44228, information security practitioners and security program managers have subsequently dealt with a Read more
On 13 September 2021, researchers from Citizen Lab disclosed FORCEDENTRY: a zero-click vulnerability impacting pretty much all Apple operating systems based on a flaw in the CoreGraphics rendering application. As a zero-click (i.e., requiring no user interaction) vulnerability, FORCEDENTRY represents a deeply concerning technical problem. Yet based on Citizen Lab’s Read more
Questions concerning responsibility for the current epidemic of ransomware events are common, and seek to identify some concrete party to hold accountable for incidents. Yet the immediate perpetrators – largely (but not exclusively) criminal gangs operating in Eastern Europe and Russia – either represent too remote an entity for blame, Read more
One of the penultimate, and more poignant, episodes of the television series Band of Brothers was “Why We Fight.” The episode highlighted how, although the members of the unit followed through the series faced multiple trials and setbacks, the discovery of concentration camps emphasized the necessity for continuing the struggle Read more