The following selections are taken from “Unrestricted Warfare,” a book published in China in February 1999 which proposes tactics for developing countries, in particular China, to compensate for their military inferiority vis-à-vis the United States during a high-tech war. The selections include the table of contents, preface, afterword, and biographical information about the authors printed…
Two car bombs exploded near the education ministry in Somalia’s capital Mogadishu, killing at least 100 people. Over 300 other people were wounded in the attack on Saturday. Somali President Hassan Sheikh Mohamud claimed the al-Shabaab terror group in Somalia was responsible. Al-Shabaab has not immediately claimed the attack; however, they have claimed other recent…
Earlier this year, former UK Prime Minister Liz Truss’s personal phone was found to be infected by spyware distributed by foreign agents. This posed a significant national security risk, the UK stated. The incident was discovered over the summer during the Conservative Party leadership contest. Truss worried that the spyware may impact her chances of…
Aurubis, the world’s second largest copper producer, suffered from a cyberattack that forced IT systems offline, the company stated. The company is located in Hamburg and released a statement confirming the attack. The attack reportedly occurred on Friday evening and was part of a larger attack targeting the mining industry. The company confirmed that numerous…
Microsoft has launched a new number matching feature in push notifications to help bolster its multi-factor authentication. The feature applies to the MFA app, Microsoft Authenticator. The new feature is available now and should help combat attacks that rely on push notification spam, the company says. The new feature comes after researchers identified attacks targeting…
Blockchain technology has significantly changed the way in which traditional networks operate. It is based on the concepts of cryptography, decentralisation and consensus, which have revolutionised record-keeping. Aside from improving the speed and efficiency of transactions, it provides many security benefits through cryptographic validation and improving the transparency of records. The misconception, however, is that…
“New and improved” is the refrain of progress, but new technology doesn’t always turn out to be an improvement. In the case of the evolution from Web2 to Web3, a former hacker revealed how recent changes have created an all-new avenue of potential attack. Recent updates were intended to tighten security. “Due to blockchain technology…
A Consent Order issued in August 2022 by the New York State Department of Financial Services (“NYDFS”) for a $30 million fine on Robinhood Crypto, LLC (“RHC”) shows that cryptocurrency firms are not immune from regulatory and legal obligations. The Consent Order can be read as a partial roadmap for similar firms in establishing best…
A hacker known as Monkey Drainer has stolen US$1mn worth of Ethereum and NFTs in a hacking spree across just 24 hours. The hack was reported by Twitter user ZackXBT who describes themselves as a “crypto sleuth” and a “rug pull survivor turned 2D detective”. A rug pull is a scam which sees malicious actors…
Cryptocurrency is a new, exciting way to interact with money. However, scammers are looking to take advantage of people who don’t know how to navigate this new and often complex world. Cryptocurrency scams have become the new fraud of choice for cybercriminals looking to make a quick buck. Cryptocurrency scams are a form of financial fraud…
Business social media company LinkedIn has reportedly launched a new series of features that aims to take down fake profiles and malicious use of the platform, which is designed to allow professionals to connect with others. The firm announced the new measures in a blog post on Tuesday. The blog post also contained details about…
Twilio, a communication tool provider, has confirmed that a data breach that occurred in July had more implications than previously recognized. The same malicious actors that compromised the firm in July were also responsible for a breach the month prior that exposed customer information, the company says. The firm released an incident report that was…
Security researchers have identified a flaw in GitHub that reportedly enables attackers to take control of repositories, thus allowing them to spread malware and infect code. GitHub has fixed the bug since it was discovered and stated that it lay in the popular repository namespace retirement feature. The same tool could be targeted by threat…
Nigeria’s police have stated they are boosting security in the capital, as the United States has ordered the families of diplomats in the area to leave due to a heightened concern of terrorist attacks. The details of any threat were not known on Friday; however, residents of the Federal Capital Territory have been instructed to…
According to Russian officials, they have completed an operation to move civilians out of the city of Kherson in southern Ukraine, ahead of a battle with Ukrainian forces. At least 70,000 civilians have crossed the Dnipro river. Russia claims to be preparing Kherson for defense. The Kherson region was one of the territories of Ukraine…
Blockchain – the shared and binding ledger that records online financial transactions and tracks a business network’s assets – is not as secure as its image suggests, according to researchers from University of Gloucestershire. Sepideh Mollajafari, a blockchain security expert at the University’s School of Computing and Engineering, has found that ‘decentralisation’ – the foundation of…
The use of cryptocurrencies is growing and diversifying. Once the open secret of a select group of tech-savvy users, many are now being drawn to the transactional freedom of BTC, ETH and a host of other altcoins and tokens. Cryptocurrencies are typically associated with the (decentralized) movement of high volumes and high values of transactions, making…
Decentralized lending protocol Compound has paused the supply of four tokens as lending collateral on its platform, aiming to protect users against potential attacks involving price manipulation, similar to the recent $117 million exploit of Mango Markets, according to a proposal on Compound’s governance forum that was recently passed. With the pause, users will not be…
On September 16, the U.S. Department of the Treasury issued two reports in response to President Joe Biden’s Executive Order (EO) on Ensuring Responsible Development of Digital Assets, which requires government agencies to develop frameworks and policy recommendations that advance six priorities, one of which being financial inclusion. Among the Treasury reports was Crypto-Assets: Implications…
The world’s largest bitcoin miner, Core Scientific (CORZ), warned that it may have to explore bankruptcy if it fails to improve its financial condition. The warning sent its shares down 77% to as low as 23 U.S. cents. The miner said it anticipates existing cash resources will be depleted by the end of the year,…
The Federal Trade Commission has announced that it would be pursuing action against Boston-based Uber subsidiary Drizly. The company delivers beer, wine, and spirits in states where it is legal, and boasts partnerships with retailers in hundreds of US cities. The group has agreed to tighten its security practices and limit data collection after an…
Security researchers have found a new campaign that is targeting Android and Windows users. The researchers have found that there may be a much larger set of domains associated with the campaign that was originally discovered by Cyble and Bleeping Computer. The campaign is classified as typosquatting and consists of 27 mimicked brands over 600…
Vice Society, a threat actor known for ransomware and extortion campaigns, has been identified in operations targeting the US education sector. Microsoft security researchers released an advisory about Vice Society and its recent activities on Tuesday. The write-up states that the group’s latest payload is a Zeppelin variant that contains specific file extensions. Microsoft found…
Israel and Lebanon have technically been in a state of war since Israel’s founding in 1948, in a dispute over rights to a gas field in the Mediterranean Sea. The two countries have signed an agreement that sets their borders in the Mediterranean. Hezbollah, the militant and political group in Lebanon, had been threatening to…
A terrorist attack at the Shahcheragh Shrine in the city of Shiraz in southern Iran has killed at least 15 people and injured 40 others on Wednesday. Two of the suspected attackers have been arrested by Iranian security forces, and a third suspect is at large. ISIS has claimed responsibility for the attack. ISIS claimed…
The Hive ransomware-as-a-service group has claimed responsibility for a cyberattack that compromised Tata Power. The attack was disclosed by the company on October 14, and likely occurred on October 3. Since the attack, the Mumbai-based power company confirmed that all critical operational systems are functioning again. The leak reportedly affected several of Tata’s 12 million…
Australia is seeking bigger penalties for serious or repeated data privacy breaches. The penalties could be raised as high as $31.57 million from $1.4 million. The announcement comes as Australia has faced a series of cybersecurity incidents that have had serious consequences across the country, such as a recent attack on the insurance group Medibank.…
Cryptocurrency exchange FTX has agreed to reimburse victims of this weekend’s phishing attack with up to $6 million, according to the exchange’s CEO, Sam Bankman-Fried. The phishing scam was in relation to 3Commas, a trading-bot platform that interlinks with FTX via an application programming interface (API). Scammers reportedly cloned the 3Commas website before performing trades…
In the last quarter of this year there has been a 98% rise in malware detected targeting Internet of Things devices, according to a new report by threat intelligence agency SonicWall. It comes as the number of never-before-seen malware variants also spiked, rising by 22% year-on-year. SonicWall says one of the biggest concerns for companies is…
October hasn’t been kind to crypto, with $730 million lost to 18 hacks this month alone, driving the 2022 total loss to $3 billion. With decentralized finance, or DeFi, as the prime target, it’s becoming a serious enough problem that calling 2021 The Year of the Hack may have been premature on the part of blockchain…
Buried deep in a 61-page recent report by the U.S. Attorney General, the Biden Administration called for a dramatic expansion in the federal government’s ability to seize and keep cryptocurrency. If enacted, the proposed changes would bolster both criminal forfeiture, which requires a conviction to permanently confiscate property, as well as civil forfeiture, which doesn’t…
Binance is on the verge of uncovering the hacker(s) behind the $570 million exploit on its cross-chain bridge, BSC Token Hub, earlier this month. In a recent interview with CNBC’s ‘Squawk Box Europe,’ Binance CEO Changpeng “CZ” Zhao said the firm had received substantial tips from law enforcement authorities to identify the hacker(s) that drained two…
The US Justice Department announced on Tuesday that a Ukrainian man has been charged with computer fraud in connection to a cybercrime operation dubbed Raccoon Infostealer. The man, Mark Sokolovsky, allegedly infected millions of computers with malware during the operation. He is being held in the Netherlands while the US seeks his extradition. The Raccoon…
Group-IB has released a new advisory regarding a malware campaign deploying point-of-sale (POS) malware tools to steal credit card information from payment terminals. According to the advisory, the POS malware has been used to steal the information of over 167,000 credit cards. Group-IB identified a command and control server of the POS malware that was…
Apple released new updates earlier this week that patch zero-day vulnerabilities in iOS and iPadOS devices. The flaws fixed in the latest updates have reportedly been exploited in the wild by threat actors. One of the flaws is an out-of-bounds write issue in the kernel and could be exploited by rogue applications, leading to arbitrary…
See Tickets, a global ticketing giant, has notified its customers of a data breach that impacted financial information. According to the vendor, the breach lasted for over two years. The company is owned by the French media firm Vivendi, who revealed that the data breach occurred earlier this week. The company has not made an…
Clashes between protesters and Iranian security forces were reported in the home city of Mahsa Amini as crowds gather near her grave to protest and mark 40 days since she died in custody. According to a Kurdish rights group, security personnel fired live rounds and tear gas into Saqqez’s Zandan Square. Thousands of mourners gathered…
The Chinese government has been accused of establishing undeclared police stations in the Netherlands. There has been evidence found of at least two “overseas service stations” that claim to provide diplomatic services. These stations are also attempting to silence Chinese dissidents in Europe. The Dutch foreign ministry spokeswoman said the existence of these…
On Monday, the Polygon-based decentralized exchange (dex) Quickswap lost $220K in a flash loan exploit, and following the attack, the team detailed that the Quickswap Lend platform will be terminated. 2022 has been quite the year for decentralized finance (defi) hacks as billions have been stolen due to mistakes, flash loans, faulty smart contracts, and unchecked lines…
Cryptocurrency is digital money. You can store it in a cryptocurrency wallet. A cryptocurrency wallet is an app or hardware that allows you to make transactions with your digital coins. These wallets have different features and functions, but each has pros and cons. Here’s what you need to know about them. A cryptocurrency wallet is an…
A group of hackers has taken advantage of typing mistakes in order to introduce malware to Android phones and Windows-based PCs. Using a technique called typosquatting, which consists of registering domains that are very close to those of official brands of organizations, hackers are getting data and private keys from unsuspecting users, according to…
According to data from the Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5…
Apple clarified its rules on cryptocurrencies and non-fungible tokens (NFTs) laying out what apps are allowed to do with these technologies. On crypto exchanges, Apple said in updated App Store rules on Monday, that apps may facilitate “transactions or transmissions of cryptocurrency on an approved exchange.” But the app can only be offered in countries or…
Ukrainian authorities have warned of a ransomware campaign targeting Ukrainian organizations. The Ukrainian CERT stated that it has discovered phishing emails that have appeared to be sent from the Press Service of the Armed Forces of Ukraine. Recipients of the phishing emails are prompted to click on a malicious link embedded in the email that…
The Atomic Energy Organization of Iran (AEOI) has identified an unnamed foreign country for stealing and leaking sensitive internal emails belonging to the organization. Iranian hacktivist group the Black Reward published the documents after attempting to extort Iranian authorities into releasing political prisoners. The attack committed by the hacktivist group was an attempt to achieve…
Italian Prime Minister Giorgia Meloni confirmed Italy’s support for the European Union, NATO and Ukraine in her first address to parliament. The speech comes one month after her party won a historic election. Meloni was sworn in on Saturday as Italy’s first female leader and on Tuesday, rejected any links with her country’s fascist past. …
Five Palestinian gunmen were killed in an Israeli raid against a militant group in the West Bank. A sixth Palestinian was shot and killed by Israeli troops who were attacked with stones while Palestinians protested the raid. The operation was in the northern city of Nablus and targeted the new Lion’s Den group. The group…
Popular shipping company DHL has replaced LinkedIn as the most impersonated brand in phishing attempts. The brand was identified as the most imitated between July and September of this year by Check Point security in its Q3 Brand Phishing Report. The new data finds that phishing campaigns impersonating DHL account for roughly a…
DeFi is at war. Total value locked (TVL) is at its pre-pandemic level of $50 billion, along with the prices of bitcoin and ethereum. Rising inflation is driving the cost of money out of fintech innovation investment and raising capital is becoming more difficult. Many fintechs are facing downsizing and staff layoffs while their customers…
Cryptocurrency is a digital asset designed to work as a medium of exchange. Cryptocurrency uses cryptography to secure transactions, control the creation of additional units, and verify the transfer of assets. The first cryptocurrency to gain widespread adoption was Bitcoin in 2009. Since then, numerous other cryptocurrencies have been created that offer different features and benefits…
Hackers took over the official Twitter account of crypto exchange Gate.io, putting over 1 million users at risk of losing funds to an ongoing fraudulent Tether giveaway. Social media platform Twitter serves as the most effective medium to reach the crypto community. As a result, the trend of hacking into official Twitter handles of verified accounts…
Automated crypto trading bot provider 3Commas issued a security alert after identifying certain FTX API keys being used to perform unauthorized trades for DMG cryptocurrency trading pairs on the FTX exchange. 3Commas and FTX conducted a joint investigation in relation to reports from users of unauthorized trades on the DMG trading pairs on FTX. The duo…
OlympusDAO is the latest target of a crypto cyberattack, as a thief made off with 30,000 OHM tokens—worth about $300,000—early this morning. But the attacker either had a change of heart or was a white hat hacker all along, as they sent back the funds to the DAO hours later. Community members were first alerted…
The FBI has warned that the Iranian threat group Emennet Pasargad is positioned to target the US elections and officials and companies associated with the process. The group regularly engages in hack-and-leak campaigns. Although the group is primarily dedicated to targeting Israeli officials, the FBI warns that the threat actor may be active in operations…
An air raid that targeted a large ethnic insurgent group in Myanmar killed at least 50 people and injured 100. The death toll was communicated in a report by Colonel Naw Bu, a spokesman of the Kachin Independence Army. According to eyewitness accounts, three bombs were dropped on a concert by aircraft. The concert…
Rishi Sunak will become the United Kingdom’s new prime minister after winning the contest by the ruling Conservative Party. The contest was caused by the resignation of Liz Truss last week. Sunak’s win occurred on Monday. Liz Truss’s resignation occurred due to her disastrous tax plans and policy u-turns that caused the markets to plunge…
The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued a joint alert. The alert pertains to a new cybercrime group called Daixin Team that targets organizations in the healthcare sector. The threat actor has been active since June 2022,…
Last Thursday Google called for contributors to collaborate on an open source project titled Graph for Understanding Artifact Composition (GUAC). The project is part of Google’s efforts to improve software supply chain security. GUAC is still in the early stages, but Google hopes that the project will change how the industry perceives software supply chains…
McAfee has found that the clicker malware that was designed to facilitate ad fraud is present in 16 mobile apps available in the Google Play Store. Google has since removed the apps; however, they racked up an estimated 20 million downloads. The malware was identified in apps such as flashlights, QR readers, cameras, unit converters,…
Phishing domains impersonating the Saudi government service portal Absher have popped up online, CloudSEK says. The phishing portals are designed to provide fake services to citizens and steal credentials. CloudSEK published an advisory concerning the threat last Thursday. The threat actors are sending phishing SMS messages containing a link to the illegitimate sites. The messages…
Europol has warned that Facebook’s Metaverse and similar immersive internet experiences could be a target for ransomware and cybersecurity crimes like identity theft, money laundering, and more. Europol released a report from the Innovation Lab that urges security authorities to begin thinking about the potential threats the metaverse could bring. The money and people involved…