Breaking the OODA Loop!

The OODA loop is a well-established concept, originating in the military, that is often used in security. OODA stands for Observe, Orient, Decide, Act. OODA is an iterative process because after each action you need to observe your results and any new opposing action. The idea is that if you can consistently get to the…

Android.Lockscreen ransomware now using pseudorandom numbers

New variants of Android.Lockscreen are using pseudorandom passcodes to prevent victims from unlocking devices without paying the ransom. Previous versions of these threats locked the screen and used a hardcoded passcode, but analysts were able to reverse engineer the code to provide victims with the passcode to unlock their devices. Attackers have also combined a…

Microsoft Researchers Release Anti-Reconnaissance Tool

Microsoft researchers have released a new tool designed to help security teams protect corporate networks by making it more difficult for attackers to conduct reconnaissance. The tool, dubbed “NetCease,” was developed by Itai Grady and Tal Be’ery of the Microsoft Advanced Threat Analytics (ATA) research team. NetCease has been made available on Microsoft’s TechNet Gallery,…

IoT Default Passwords: Just Don’t Do It

Earlier this month, an underground forum released the code for the Mirai malware, which lets attackers hijack the thousands (and counting) of Internet of Things devices that are used to carry out distributed denial-of-service attacks. Panic ensued. Of course it did. This hack means that everyone can now view the code that allowed someone using…

Internet Routing Security Effort Gains Momentum

More than 40 network operators agree to filter routing information, prevent IP address spoofing, and work together to thwart Internet traffic abuse and problems. Cyber-criminals and nation-state hackers routinely hide behind phony IP addresses to mask their location and identity, but an Internet initiative that seeks to thwart that and other malicious and inadvertent traffic…

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 3, 2016

Earlier this week, the Internet Systems Consortium (ISC) issued an update for a high-severity security vulnerability that would allow the Berkeley Internet Name Domain (BIND) software to be exploited remotely to launch denial-of-service (DoS) attacks. This vulnerability, uncovered internally by ISC, is significant because BIND is the most widely used software to implement Domain Name System…