I recently came across a job posting for a cyber threat intelligence (CTI) analyst position. Given recent issues in the CTI marketplace with many individuals finding themselves in need of new roles, this at first glance appeared an excellent opportunity to pass on to those looking for work. However, with Read more…
Information security space observers may have encountered a phrase born out of both frustration and levity in 2023: “Hot Zero Day Summer.” While nearly two months remain as of this writing for Summer 2023, anecdotal evidence suggests that adversaries increasingly leverage vulnerabilities in external-facing applications and appliances to drive intrusions. Certainly, other Read more…
On 11 January 2023, the “Ghost Security Group” (commonly referred to as “GhostSec”) issued a bold claim (captured on Twitter, among other places) that they “encrypted the first RTU in history.” The claim rapidly came under scrutiny from several directions – for an excellent analysis of this specific case and Read more…
Updated 23 Nov 1355 MST: Added some additional observations related to logon spoofing infrastructure. Domain “hunting” is a process of identifying new (or at least, newly identified) network infrastructure associated with threat actors of interest. Such a process does not start in a void, but rather requires understanding tendencies and Read more…
In the early hours of 24 February 2022, Russian forces initiated offensive, kinetic action against multiple targets across Ukraine. While shocking given the naked brutality of these strikes, this invasion represented the culmination of a months-long build-up, and arguably the final phase of a conflict that started in 2014. As Read more…
While the end of 2020 was dominated by Nobelium’s supply chain intrusions, 2021 closes with continued worry and response over vulnerabilities in the widely-deployed Log4j library. Starting in earnest on 10 December 2021 with public disclosure of CVE-2021-44228, information security practitioners and security program managers have subsequently dealt with a Read more…
“Zero days” are popular items in cyber security discussions. They grab headlines, they often feature in high-profile conference presentations, they can even apparently spawn television shows. Yet for all the attention and frequent discussion in non-technical audiences, the term itself seems a bit slippery. Terms like “zero day attack” are Read more…
On 13 September 2021, researchers from Citizen Lab disclosed FORCEDENTRY: a zero-click vulnerability impacting pretty much all Apple operating systems based on a flaw in the CoreGraphics rendering application. As a zero-click (i.e., requiring no user interaction) vulnerability, FORCEDENTRY represents a deeply concerning technical problem. Yet based on Citizen Lab’s Read more…
Questions concerning responsibility for the current epidemic of ransomware events are common, and seek to identify some concrete party to hold accountable for incidents. Yet the immediate perpetrators – largely (but not exclusively) criminal gangs operating in Eastern Europe and Russia – either represent too remote an entity for blame, Read more…
The information security industry finds itself, as of this writing, in the midst of a ransomware pandemic. While Business Email Compromise (BEC) likely remains more financially successful overall, much of this success is due to far wider scope and selection of victims. Ransomware, while potentially less costly in a direct Read more…