We continually capture lessons learned and best practices for reducing digital risk and enhancing cybersecurity, and maintain a list you can review to ensure you and your team are optimizing defenses.
We provide no-nonsense tips on topics like:
- How to configure your DNS to reduce the chances that malware will propagate in your systems
- How to pick the best cybersecurity framework for your organization
- Tips for dealing with your data
To see the full list visit: OODA Loop Cybersecurity Best Practices
And for external review of your cybersecurity posture see OODA LLC offerings in:
OODA LLC is a CTO advisory and Due Diligence firm operating across multiple sectors of the economy. We are known for our ability to help companies mitigate risks and increase compliance while optimizing security spend.
Crucial Point helps clients improve defenses by:
- CISO as a Service: Strategic leadership for corporate security programs, including evaluation and exercising of incident response plans.
- CTO as a Service: Technical architecture review and senior advice, including action plans for modernization and cloud transition.
- Independent verification and validation of compliance, including GDPR, FFIEC, NIST.
We would love to serve your efforts. Contact OODA LLC for more information.
BBC News ran a piece titled “Jamal Khashoggi: Saudi murder suspect had spy training” which provides more details on one of the 15-member team sent to kill Jamal Khashoggi. Maher Abdulaziz Mutreb was trained in how to use offensive spyware technology as part of nation-state sponsored efforts for the Saudi state.
A source described how Mr. Mutreb spent time in a course with him in 2011 learning to use tech his company was providing the Saudi government so it could carry out targeted attacks on the phones and computers of its own citizens.
From the BBC report:
“This information might have been basically everything from [their] GPS position, conversation, microphone audio around the device itself, camera pictures, files on disk, emails, contacts, everything that was on the device itself.”
The tools he was trained in, the source said, were similar to other tools which, according to Citizenlab and Amnesty International, were recently used against several of Mr Khashoggi’s friends.
We have a recommendation for all journalists as well as anyone else seeking to make it harder to be spied upon. Take action now to raise your defenses by reviewing the OODA Guide to Cybersecurity Best Practices.
Fing is a nice app that runs on your smartphone or tablet that will show you who else is on your network. It puts an interface on capabilities like Ping, Traceroute and many others and presents information in a way that is fast. You can find links to download the app at Fing.io. Next time you decide to join a public WiFi network at a conference or hotel you can launch Fing and see how they have configured the network and if you can see others on the net. Note: The Fing app works a bit better on Android, for now. Apple has restricted the ability of applications to see some technical info (specifically MAC addresses). But the greatest functionality of the app is its connectivity to the device mentioned below, the FingBox. So don’t let the lack of ability to scan MAC addresses deter you from downloading the app.
Fing now has something that makes it far more powerful than just an app on your mobile device. They offer a device for your home network called the Fingbox. This adds network security and troubleshooting to watch over your network and give you control to block users you don’t want in your net. It detects intruders, manages devices authorized to use your network and also analyzes the quality of your WiFi and Internet connections. Fingbox also gives you parental controls.
Another really neat thing it will do is give you a “WiFi Fence” around your home. Think of this like having a magic super power. You can set it to give you alerts when any device comes near your home. Imagine getting an alert when the mailman approaches or when the pizza delivery guy gets near. Imagine getting an alert when a bad guy comes close at night. Or would you like to know when a WiFi enabled drone is within range of your house?
I love the Fingbox and most highly recommend it to anyone with WiFi at home. Find it here.
CTOvision reports on all the megatrends driving the future of IT, including trends in cybersecurity. More importantly, we track how the functionality of Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics and the Internet of Things will require new approaches to cybersecurity.
If you enjoy the daily Threat Brief we know you will enjoy CTOvision. Sign up for our newsletters at: https://ctolink.us/CTOnews
Threat Brief Mobile App is now available for all Apple iOS and Android devices.
This is a great way to track the cyber threat while on the go.
To find it search for ThreatBrief in your favorite app store, or follow these links:
Please download today and let us know what you think.
The Daily Threat Brief is designed to give you awareness of risks, so you can mitigate them!
Our team has a track record of safeguarding some of the nation’s greatest secrets, equipping U.S. leadership with actionable intelligence that helps protect lives and driving technology innovation that has kept key agencies generations ahead of our adversaries.
Reply to any of our products to ask for more information on how we can serve your efforts.
For more on what we do and to engage us in a dialog see: Crucial Point
The Daily Threat Brief aims to provide the gist of current trends in adversary behavior and insights into mitigation strategies that are working. We also report on the results of longer term studies and provide the results of research from our own staff and from highly regarded sources in the cybersecurity community. We also keep lists of references to help you to dive deeper into the threat yourself. You can find a short list of key sources on our Threat References page.
We summarize strengths and weaknesses of the most reputable open source intelligence reports. See summaries of them at the following links:
- Recorded Future: The gold standard in cyber threat intelligence analysis
- Verizon Data Breach Investigations Report (DBIR): Lessons learned from breach analysis
- Verizon Data Breach Digest (DBD): Snapshots of incidents
- Microsoft Security Intelligence Report: Insights include data from crash analysis
- Symantec Internet Security Threat Report: Heavy focus on threats to consumers and small business
- McAfee Labs Threat Reports: Heavy focus on threats to consumers and business
- Accenture Cyber ThreatScape Report: Insights from an incredibly professional team serving global business
- CyberEdge Group CyberThreat Defense Report: Survey of IT and security professionals
- Trustwave Global Security Report: Focus on retail
- Wombat Security State of the Phish: Good source on what phishing is working and how to mitigate
- Groupsense Special Report on SHARK20385: A look into automated weaponization of stolen credentials and the impact to Internet forum and social media discourse
We would love your inputs on this list. Do you have a favorite open source research report we should make the community aware of? Reply to our newsletter with any inputs.
When People Magazine decides they need to start reporting on the cyber threat you know we are living in dangerous times. We have always believed more people should be informed of the threat and should work to mitigate risks, and are happy to have been a part of recent reporting in People.
In it, Threat Brief publisher Bob Gourley of OODA provides tips for the average computer user including:
- Stay aware of the threat
- Pick passwords that are impossible to guess but easy to remember (tips are given in the article)
- Don’t use free email from your ISP. Use Google mail.
- Use two factor authentication whenever you can.
- Look for spoofed emails and links
- Use a password manager like Dashlane
- Know what https is and how to spot it in your browser
The Cyber Threat was written to help executives, especially those without a deep background in cybersecurity, understand the nature of adversaries in cyberspace. The book includes a new section on the technological environment that can help decision-makers get their heads around the new tech enabled world arising around us. The book also captures key lessons from the most important cyber attacks in history, providing insights any modern executive can benefit from knowing.
Now more than ever, organizations need their executives and workforce to have a better grasp of the threats to business outcomes outlined in this book.
The book is available in paperback and electronically via Kindle.
For more info and to order see: The Cyber Threat.
What They Are Saying
“The Cyber Threat captures insights into dynamic adversaries that businesses and governments everywhere should be working to defeat. Knowing the threat and one’s own defenses are the first steps in winning this battle.”
Mike McConnell, Admiral, USN (Ret), Former Director of National Intelligence and Director, NSA
“There are no excuses anymore. Trying to run a business without awareness of the cyber threat is asking to be fired. The Cyber Threat succinctly articulates insights you need to know right now.”
Scott McNealy, Co-founder and Former CEO, Sun Microsystems and Chairman Wayin
“When I’m researching my own books, I always turn to Bob Gourley. I make disasters up. He’s seen them for real. And most important, he knows how to stop them. Read this. It’ll scare you, but also protect you.”
Brad Meltzer, #1 bestselling author of The Inner Circle
“The insights Bob provides in The Cyber Threat are an essential first step in developing your cyber defense solution.”
Keith Alexander, General, USA (Ret), Former Director, NSA, and Commander, US Cyber Command
“Vaguely uneasy about your cyber security but stumped about what to do? Easy. READ THIS BOOK! “The Cyber Threat” will open your mind to a new domain and how you can make yourself safer in it.”
Michael Hayden, General, USAF (Ret), Former Director, NSA and Director, CIA
“Bob Gourley was one of the first intelligence specialists to understand the complex threats and frightening scope, and importance of the cyber threat. His book can give you the edge in what has emerged as one of the most compelling, mind-bending and fast moving issues of our time.”
Bill Studeman, Admiral, USN (Ret), Former Director, NSA and Deputy Director, CIA
For more see: TheCyberThreat.com
We have some exciting news to share.
We are combining our efforts with the analysts and researchers of OODAloop.com to provide enhanced reporting and analysis on threats and opportunities. The result: A new daily product of hand-curated cyber and risk intelligence that is more informative and more actionable.
You should see your first OODA Loop Daily Briefing on Tuesday 8 January 2019 shortly after 10am eastern.
Please let me know what you think of the new format. You can always reply to any of our newsletters to get directly to me.
Your subscription is still under your control. You can use the self service capabilities of MailChimp to update your email address, suspend delivery or unsubscribe using the links at the bottom of any of our emails.
Thank you and Happy New Year!
Avast launched its annual Threat Landscape Report, detailing the biggest security trends facing consumers in 2019 as collected by the Avast Threat Labs team.
“This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.
Read about the findings of the new Avast report on Help Net Security.
The CERT Coordination Center (CERT/CC) has published data on vulnerabilities affecting versions of Microsoft Windows and Windows Server.
Microsoft had issued an advisory for CVE-2018-8611, a Windows kernel elevation of privilege bug that exists when the Windows kernel fails to properly handle objects in memory. An attacker who exploited this flaw could run arbitrary code in kernel mode. The company also issued CVE-2018-8626 for a Windows DNS server heap overflow vulnerability. A remote code execution flaw exists in Windows DNS servers when they don’t properly handle requests, Microsoft explains.
Read more about the critical Windows flaws on DarkReading.
Many organizations have DevOps on their mind going into 2019. Firms will confront growing complexity and risk as they work to scale their DevOps initiatives in 2019. Part of this risk will come from their containers, for many organizations still lack transparency into these software pieces.
If they are to adequately mitigate their risk and minimize their exposure to digital threats, organizations will need to secure their containers. But are they prepared to do this? Tripwire’s State of Container Security Report found that 60 percent of organizations had been hit with at least one container security incident within the past year.
Read more about the findings of the new report on Tripwire.
In January of 2018, the world was introduced to two game-changing CPU vulnerabilities, Spectre and Meltdown, that brought “speculative execution side-channel vulnerability” into the enterprise IT security lexicon. Since then, a number of variants of the initial vulnerabilities have been found, along with new vulnerabilities taking advantage of similar functions within the CPUs.
Intel kicked off 2019 with a Jan. 2 editorial laying out its response to the Spectre and Meltdown vulnerabilities over the past year. The chip giant says the culture of the company has changed since the advent of Spectre and Meltdown, and its response has been effective. But vulnerabilities in the core of a CPU tend not to lend themselves to rapid, complete fixes, Intel says.
Read more about Intel’s response to Meltdown & Spectre on DarkReading.
Fewer Marriott guest records than previously feared were compromised in the massive data breach, but the largest hotel chain in the world confirmed that approximately 5.25 million unencrypted passport numbers were accessed. The compromise of those passport numbers has raised alarms among security experts because of their value to state intelligence agencies.
The FBI is leading the investigation of the data theft and investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, the rough equivalent of the CIA. The hackers also accessed about 20.3 million encrypted passport numbers. There is no evidence that they were able to use the master encryption key required to gain access to that data.
Read more about the Marriott data breach investigation on SecurityWeek.
Over the weekend, a hacker gained unauthorized access to the Queensland EWN, or Early Warning Network, and used it to send a spam alert via SMS, landline, and email to the company’s subscribers.
EWN is a service offered by Australian company Aeeris that allows Australian councils, or local governments, to send emergency alerts regarding extreme weather, fires, evacuation information, or incident responses. The unauthorized alerts stated that “EWN has been hacked. Your personal data is not safe.” They then went on to tell recipients to email email@example.com to unsubscribe from the service.
Read more about the security breach on BleepingComputer.
Amid a maelstrom of cybersecurity threats and rampant hacking attempts that leverage the power of the IoT against itself, organizations are forced to realize that they are on the losing side of this war.
As such, market vendors have no choice but to enhance their cybersecurity arsenal with more sophisticated tools which allow a deeper understanding of their users, devices, and systems. This will drive the security analytics market toward an impressive revenue of $12 billion by 2024, according to ABI Research.
Read more about the prognosis by ABI Research on Help Net Security.
Singapore Airlines (SIA) says a software glitch was the cause of a data breach that affected 285 members of its frequent flyer programme, compromising various personal information including passport and flight details.
The “software bug” surfaced after changes were made to the Singapore carrier’s website on January 4 and enabled some of its Krisflyer members to view information belonging to other travellers, SIA told ZDNet in an email.
Read more about the Singapore Airlines data breach on ZDNet.
OODA’s CISO as a Service offering puts our seasoned team of experts on your side.
Our leadership has spent years working across multiple sectors of the economy and in government agencies helping organizations protect what matters most. We know the threat, know best practices and know the importance of keeping your security program focused on enabling your business objectives. Our CISO as a Service offering is the ideal choice for firms who have grown to the point where a more robust security program is required. We can provide the executive leadership to get your program off the ground and can assist you in your search for a full-time CISO.
For more information see: OODA LLC