Gary Harrington’s career in special forces and the CIA could be the basis for a very successful action movie. For over thirty years, he directly planned or executed dozens of unconventional warfare operations on our Nation’s adversaries.
Managing the nexus between physical and cyber security is possible with a deliberate mindset and full cooperation and integration between the two teams. Physical security practitioners should view cyber defense experts as a vital component of their risk management strategy.
OODA’s Cyber Threat Analysis Report provides the “so what” behind the news and events we track on a daily basis. When it comes to putting cyber news in context, there really is no substitute for experience. The context in this report is provided by one of the most highly regarded cybersecurity practitioners and pioneer of…
Months ago we began to formulate an assessment that a history-making announcement in quantum computing was about to be made. For years the big players in quantum research, including IBM, Microsoft and Google, have been pursuing different methods of using quantum effects to do new calculations. Google had even made announcements indicating they thought they…
The space domain is transforming into an increasingly contested and congested environment. The President has referred to it as a critical warfighting domain and in response, the Department of Defense has recently established U.S. Space Command as a unified combatant command to employ space capabilities and lead space operations. In the private sector, we have…
In the cyber defense community, we talk about a wide range of risk-mitigating technologies, strategies, and activities. We talk about attacker deterrence and increasing costs for the attacker. We invest in endpoint agents, threat intelligence, DLM, and other mitigating technologies on a daily basis. Here’s why one of the most compelling emerging use cases for…
This special report provides an overview of the dynamic trends underway in the cyber insurance market, including actionable information that executives can put to use right now in determining the right approach to using cyber insurance to transfer risk. The report also provides insights which can be of use to any tech firm seeking to…
Edward Snowden’s new book is out next Tuesday, but OODA Loop got an advance copy. In the book, Snowden identifies two major catalysts that not only pushed him over the edge, but also informed his strategy for how he leaked the highly classified material. One of them was a complete surprise.
“People may look back at where we are now and discover we were in the middle of a cognitive cold war.” Collective intelligence is changing the way humans, organizations and machines support each other. Read about how David Bray from the People Centered Internet has spent his eclectic career working on the nuances of these…
This is the second of a series on our nation’s most neglected critical infrastructure, our cognitive infrastructure. The first post dove into the nature of the challenge and why it is so important for our future that the threats to our cognitive infrastructure are understood and addressed. This post flows from that one and suggests…
The term quantum uncertainty refers to the unique property of not being able to know the direction and speed of a particle at the same time. However, if you were in the Washington DC area this summer, quantum uncertainty could also describe the confusion of defining the quantum threat to national security and countermeasures to contain…
Stu Sjouwerman has a knack for seeing future technology needs, and the timing to put solutions in place. He built and sold his endpoint solutions company before the market became oversaturated with products and started focusing his efforts on security awareness and training in 2010. Read about his successful career of creating companies, including…
This special report is the first of a two-part series designed to both inform OODA members on the nature of challenges to our nation’s most critical infrastructure and provide recommendations for action that can mitigate these challenges. Our thesis is that America’s most critical infrastructure is our cognitive infrastructure. This is also the most attacked…
The leftist-populist party of former Prime Minister Robert Fico has won the parliamentary elections in Slovakia, running on a campaign with two clear messages: no more military support to Ukraine and no more sanctions against Russia. Slovakia is a member of the NATO military alliance, which is backing Ukraine against Russian President Vladimir Putin, but…
President Joe Biden has vowed continued U.S. support for Ukraine, after further military funding was excluded from a last-minute congressional budget deal. The temporary measure, pushed through to avert a government shutdown, did not include $6bn (£4.92bn) in military aid for Kyiv – a top White House priority. Hardline Republicans oppose further military aid, with…
CISA has launched a new program, Secure Our World cybersecurity awareness program, meant to promote four critical actions that businesses and individuals can take to improve cybersecurity. As part of this awareness-raising initiative, CISA is encouraging small to medium-sized businesses (SMBs), individuals, and families to use strong passwords, to turn on multi-factor authentication, to be…
Users of Bing Chat, the GPT-4-powered search engine Microsoft introduced earlier this year, are being targeted with ads leading to malware. Potential victims are prompted to download the installer, which contains three files, one of which is a heavily obfuscated malicious script. When the installer is run, the script connects to an external IP address…
In the latest development around the cyberattack impacting Johnson Controls International (JIC), officials at the Department of Homeland Security (DHS) are now reportedly concerned that the attack may have affected sensitive physical security information. Johnson Controls serves as a government contractor, providing building automation services to facilities, such as HVAC, fire, and security equipment. Johnson…
The U.S. Department of State must fully implement its cybersecurity risk program and take additional steps to better protect its IT network and systems, a report by the General Accounting Office (GAO) warns. The State Department has completed the authorization process for only 44% of its nearly 500 information systems, and has yet to implement…
As robotics and artificial intelligence technologies advance, their combined use in medicine will become pronounced as time marches on. Both robotics and artificial intelligence are widely used in the medical field today. Robotics are used in surgery to assist doctors in delicate procedures, robotic exoskeletons are used in rehabilitation from injury or illness, and so…
For all the encouragement in the corporate world on how business leaders can strategically leverage generative artificial intelligence, hesitation has been growing as well, with some company leaders increasingly fearing the drawbacks of generative AI— and particularly the data security risks posed by these tools. In light of these growing concerns, some leaders might decide…
Meta CEO Mark Zuckerberg has unveiled his firm’s new artificial intelligence (AI)-powered assistant — Meta AI — his answer to OpenAI’s ChatGPT, which will integrate with Instagram, Facebook, WhatsApp and, eventually, the company’s mixed reality devices. Speaking at the Meta Connect event on Sept. 27, Zuckerberg explained that Meta AI is powered by the company’s large…
Chipmaker Intel said on Friday it had begun high-volume production using extreme ultraviolet (EUV) lithography machines at its $18.5 billion plant in Ireland, calling it a “landmark” moment as it seeks to regain ground on its rivals. Once the world’s leading chip manufacturer, Intel has lost the lead to Taiwan Semiconductor Manufacturing Co, but says…
The National Security Agency is starting an artificial intelligence security center — a crucial mission as AI capabilities are increasingly acquired, developed and integrated into U.S. defense and intelligence systems, the agency’s outgoing director announced Thursday. Army Gen. Paul Nakasone said the center would be incorporated into the NSA’s Cybersecurity Collaboration Center, where it works with…
Seven soldiers have been killed in Niger’s southwest in an attack by suspected rebels. The deaths on Thursday come as former colonial power France prepares to withdraw a counterinsurgency force stationed in the country at the request of its new military leaders, who seized power in a coup two months ago. French President Emmanuel Macron…
The United States National Security Agency (NSA) has announced the creation of an artificial intelligence security center that will oversee the development and integration of AI capabilities within U.S. defense and intelligence services. The establishment of an AI security center follows an NSA study that identified securing AI models from theft and sabotage as a…
China is spending billions of dollars a year to shape perceptions of China through influence, censorship and disinformation in a large-scale campaign that could threaten global freedoms, the United States has said. The Global Engagement Center’s report identified five main elements of China’s global media strategy: leveraging propaganda and censorship, promoting digital authoritarianism, exploiting international…
The Privacy and Civil Liberties Oversight Board, an independent agency within the executive branch, has recommended that federal spy agencies should be required to obtain court approval before reviewing the communications of US citizens collected through a secretive foreign surveillance program known as Section 702 of the Foreign Intelligence Surveillance Act. This recommendation was made…
The Democratic-led U.S. Senate forged ahead on Thursday with a bipartisan stopgap funding bill aimed at averting a fourth partial government shutdown in a decade, while the House began voting on partisan Republican spending bills with no chance of becoming law. The divergent paths of the two chambers increased the odds that federal agencies will…
Cloudflare, a major cybersecurity vendor offering web application firewall (WAF), bot management, and distributed denial-of-service (DDoS) protections, has been warned about gaps in its security controls. These vulnerabilities allow users to bypass customer-configured protection mechanisms and target other users on the platform. The issue arises from shared infrastructure that all Cloudflare tenants have access to,…
Cybersecurity firm Cyfirma has warned about a high-severity remote code execution (RCE) vulnerability in Apache NiFi that can lead to unauthorized access and data breaches. Tracked as CVE-2023-34468, the vulnerability was addressed in June 2023 but remains a threat. It can be exploited by authenticated users to configure a database URL with the H2 driver,…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an old vulnerability affecting JBoss RichFaces that has been exploited in attacks. The vulnerability, tracked as CVE-2018-14667, was added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, and federal agencies have been instructed to apply mitigations or discontinue the use of the product…
The topic of artificial intelligence’s rising involvement in our digital world and its associated opportunities and challenges have been the main topics of discussion at many security conferences and events in recent times. There is little doubt that humankind is on the verge of an era of exponential technological advancement, and AI is leading the…
Manuela Veloso is one of the world’s most renowned roboticists, artificial-intelligence researchers and hand talkers. Born and raised in Portugal, Veloso has spent most of the past 40 years lecturing to packed halls. When she’s really feeling one of her greatest hits — the creation of her robot soccer team, the eternal mysteries of AI…
Amazon today announced the general availability of Bedrock, its service that offers a choice of generative AI models from Amazon itself and third-party partners through an API. Bedrock, which was unveiled in early April, allows AWS customers to build apps on top of generative AI models and customize them with their proprietary data. Leveraging these models,…
Elon Musk’s SpaceX has received its first contract from the US Space Force to provide customized satellite communications for the military under the company’s new Starshield program, extending the provocative billionaire’s role as a defense contractor. Space Exploration Technologies Corp. is competing with 15 companies, including Viasat Inc., for $900 million in work orders through…
OpenAI is in advanced talks with former Apple designer Sir Jony Ive and SoftBank’s Masayoshi Son to launch a venture to build the “iPhone of artificial intelligence”, fuelled by more than $1bn in funding from the Japanese conglomerate. Sam Altman, OpenAI’s chief, has tapped Ive’s company LoveFrom, which the designer founded when he left Apple…
At least one person was killed and 162 injured in a massive warehouse explosion in the capital of Uzbekistan, Tashkent, early on Thursday morning. The situation is under control as workers continue efforts to extinguish the fire caused by the explosion. A teenager died at the scene and 24 of the people who were injured…
Taiwan has revealed its first domestically-made submarine as it bolsters its defenses against possible Chinese attacks. The launch ceremony was held in the port city of Kaohsiung on Thursday and was presided over by President Tsai Ing-wen. US officials have warned that China could be capable of mounting an invasion of Taiwan in the next…
A powerful storm has swept away roads, smashed bridges and flooded homes in parts of central Greece, just three weeks after heavy rains killed 16 people in the wider region. The storm, Elias, caused extensive flooding in Volos on Thursday and left hundreds of people stranded in mountain villages. The fire service carried out multiple…
An old Chinese state-linked actor has been manipulating Cisco routers to breach multinational organizations in the US and Japan. BlackTech has been replacing device firmware with a malicious version to pivot from smaller, international subsidiaries to headquarters of affected organizations. The organizations include media, technology, electronics and government sectors. A joint cybersecurity advisory from the…
The Chrome zero-day exploited and patched by Google a few weeks ago has a new ID of CVE-2023-5129 and a description revealing that the vulnerability is not in Chrome, but is in the libwebp library, which is used by many applications for encoding/decoding the WebP image format. The flawed implementation of the Huffman coding algorithm…
Cisco announced patches for multiple vulnerabilities that are impacting its products. One of the vulnerabilities is a medium-severity flaw in IOS and IOS XE software and it appears to have been exploited in attacks. The vulnerability is identified as CVE-2023-20109 and impacts the Group Encrypted Transport VPN of IOS and IOS XE and can lead…
In the technology world, the latter half of the 2010s was mostly about slight tweaks, not sweeping changes: Smartphones got slightly better, and computer processing somewhat improved. Then OpenAI unveiled its ChatGPT in 2022 to the public, and—seemingly all at once—we were in a qualitatively new era. The predictions have been inescapable in recent months.…
Binance, the world’s largest crypto exchange, is exiting Russia, following a sale of its Russia-based operation to a newly-established crypto exchange named CommEX. The company was created on Tuesday, a day before the announcement. Binance will not have a 50-50 shared revenue split with the new company. “Unlike similar deals from international companies in Russia, Binance…
Record-breaking NASA astronaut Frank Rubio has finally returned to Earth, feeling the pull of the planet’s gravity for the first time in more than a year. Rubio and his two Russian colleagues — cosmonauts Sergey Prokopyev and Dmitri Petelin — parachuted to a landing in Kazakhstan aboard the Russian Soyuz MS-23 capsule at 5:17 p.m.…
Few board directors at the most prominent U.S.-listed companies have direct experience with cybersecurity, presenting a challenge for how executives handle cyberattacks. An analysis of board composition in companies in the S&P 500 index found that 88% have no cybersecurity expert as a director. Only seven companies had a current or former chief information security…
In the rapidly evolving landscape of today’s workforce, employee burnout has emerged as a pressing concern. The relentless pace, excessive demands, and constant connectivity have taken a toll on the well-being of employees. However, the synergy of Artificial Intelligence (AI) and forward-thinking Future of Work policies offers a promising path to mitigate burnout, improve employee…
At least 11 people have been killed after heavy rain and winds hit South Africa’s Western Cape province, including Cape Town, over the weekend leaving a trail of destruction. Authorities warn that the death toll may rise as the floodwater subsides. The destructive weather flooded homes, tore off roofs, destroyed crops and damaged roads and…
Germany has banned the far-right sect Artgemeinschaft for spreading Nazi ideology to children and young people. The country’s interior minister called the group “deeply racist and antisemitic” and said it was trying “to raise new enemies of the constitution.” Artgemeinschaft used Nazi-era literature and cultural events to spread its ideology. Police have raided dozens of…
Azerbaijan has arrested Ruben Vardanyan, a former leader of Nagorno-Karabakh, as he attempted to leave the enclave for Armenia. Vardanyan, a businessman who headed the separatist government from November 2022 until February, was among thousands trying to leave Nagorno-Karabakh, which was seized by Azerbaijan last week. Azerbaijan has claimed to be looking for “war crimes”…
A devastating fire broke out during a wedding celebration in Qaraqosh, Iraq’s biggest Christian town, resulting in at least 100 deaths and 150 injuries. The cause of the fire is not yet known, but some reports suggest that fireworks may have ignited it. Flammable panels in the building exacerbated the flames, causing parts of the…
Apple has released macOS 14 Sonoma, which includes patches for over 60 vulnerabilities. These flaws could potentially allow attackers to obtain sensitive information, execute arbitrary code with elevated privileges, escape the sandbox, cause denial-of-service conditions, escalate privileges, bypass security mechanisms, delete files, modify protected parts of the file system, and conduct UI spoofing. While some…
Google has open-sourced BinDiff, a binary file comparison utility that has been maintained by the company for over a decade. BinDiff allows users to identify similarities and differences in disassembled code and supports multiple architectures and disassembly tools such as IDA Pro, Binary Ninja, and Ghidra. Security researchers can use BinDiff to analyze multiple versions…
Threat actors have carried out a campaign where they injected fake Dependabot contributions into hundreds of GitHub repositories to insert malicious code, according to a report by Checkmarx. In this campaign, attackers used stolen GitHub personal access tokens to gain access to repositories and push code, potentially compromising sensitive information and user passwords. To avoid…
Mozilla has released security updates for Firefox and Thunderbird to address nine vulnerabilities, including high-severity flaws. Firefox 118 includes patches for all nine vulnerabilities, which are primarily memory-related issues that could lead to exploitable crashes. Two high-severity flaws are out-of-bounds write issues that could result in potentially exploitable crashes in privileged processes. Another high-severity bug…
In the wake of ChatGPT, every company is trying to figure out its AI strategy, work that quickly raises the question: What about security? Some may feel overwhelmed at the prospect of securing new technology. The good news is policies and practices in place today provide excellent starting points. Indeed, the way forward lies in extending the…
GitHub CEO Thomas Dohmke is right on the front line of artificial intelligence. GitHub, a software development platform, has been leading the charge in a key area that generative AI will completely transform. The company, which Dohmke has helmed since 2021, has been collaborating with ChatGPT-maker OpenAI to build a coding-specific AI chatbot called Copilot,…
The US is “in a space race with China to go back to the moon”, says Nasa chief Bill Nelson. In a BBC interview, Mr Nelson says he wants to make sure “we get there first”. His comments revive memories of the 1960s and 1970s, when Nasa was in a space race with the Soviet…
While not much is known about the Lazarus Group, researchers have attributed numerous cyber attacks to them over the past decade, as well as ties to Russia. The Lazarus Group (also known as the Guardians of Peace or the Whois Team) is a cybercriminal group with an unknown number of hackers. One of the earliest…
US intelligence agencies are getting their own ChatGPT-style tool to sift through an avalanche of public information for clues. The Central Intelligence Agency is preparing to roll out a feature akin to OpenAI Inc.’s now-famous program that will use artificial intelligence to give analysts better access to open-source intelligence, according to agency officials. The CIA’s…
Mexico’s government recently deployed over 1,500 National Guard, army, and police to the Frontera Comalapa region of the Chiapas border state. The initiative comes after a video of locals applauding an armed convoy of drug cartel members ‘liberating’ the city from a rival gang went viral over the weekend. Some local reporters stated that the…
Stealth Falcon is an advanced persistent threat (APT) actor with ties to the United Arab Emirates (UAE). The APT group has previously targeted journalists, activists, and dissidents on behalf of the UAE government. ESET observed the group using a new backdoor, Deadglyph, against other governments in the Middle East. Deadglyph functions as both an executor…
ThreatFabric recently analyzed Xenomorph Android banking samples that display an expanded target list, including North American users. Threat researchers first discovered Xenomorph in February 2022. The banking trojan is capable of mimicking legitimate websites to steal login credentials and personal information. The malware can also intercept notifications and bypass two-factor authentication. Threat actors used the…
Thousands of ethnic Armenians fled the Nagorno-Karabakh region on Monday, producing miles-long lines along the mountain roads to Armenia. Armenian leadership in Karabakh stated that many of the region’s 120,000 residents do not intend to remain in the area as it comes under Azerbaijani control. Adding to the chaotic exit, an explosion at a gas…
United States Central Command (USCENTCOM) announced on Monday that a Saturday operation in northern Syria led to the capture of a senior Islamic State official. USCENTCOM assessed that “Abu Halil al-Fad’ani” is an ISIS Syria Operational and Facilitation official with connections to ISIS leadership throughout the region. The helicopter raid did not harm or kill…
Ukrainian special forces announced on Monday that they killed a top admiral, Viktor Sokolov, and 33 other officers in a missile strike last week. The attack targeted Russia’s Black Sea Fleet headquarters in Sevastopol. The Russian Defence Ministry released footage on Tuesday of Sokolov attending a video conference with Defence Minister Shoigu and other military…
The University of Toronto’s Citizen Lab group and Google’s Threat Analysis Group recently discovered three zero-days: CVE-2023-41991 (signature verification bypass), CVE-2023-41992 (local privilege escalation), and CVE-2023-41993 (arbitrary code execution via malicious webpage). A threat actor chained the zero-days in a spyware attack against Egyptian lawmaker Ahmed Altantawy. A threat actor infected the opposition leader’s cellphone…
Palo Alto Networks observed the advanced persistent threat (APT) actor Gelsemium targeting government organizations in Southeast Asia. The cyberespionage campaign deployed web shells, backdoors, and a Cobalt Strike beacon to establish access and collect intelligence. The threat actor specifically used the reGeorg, China Chopper, and AspxSpy web shells to run commands. Some attacks utilized the…
In today’s business landscape, traditional industries—or those that predate much of modern-day technology such as healthcare, finance, manufacturing, home services, and transportation—face the obstacle of keeping up with an ever-changing array of digital tools that often take extra time to trickle down to all sectors. A prominent example of these tools is artificial intelligence (AI)—software…
In the world of security services where companies are gripped by labour shortages, some are turning to robots. Ed Bacco, a technology executive who joined ADT’s commercial arm just over four years ago, sees androids as a way of getting around the intense battle for talent and high turnover rates that have always been a…
Mixin Network was hit by an exploit on Sunday, resulting in a loss of up to $200 million, as reported in a tweet by the team earlier today. The project features a wallet for cross-chain asset transfers and a decentralized exchange to swap assets such as Bitcoin, Ethereum, XRP, Litecoin, and Dogecoin among others. In…
So far, the public faces of the new space race have been billionaires like Jeff Bezos and Richard Branson joyriding around in rockets, having maybe the most expensive midlife crises ever. But behind the scenes, big tech is thinking more seriously about the first non-Earth production lines. For some startups, the most pressing questions in…