Analysis

Briefs

  • Authorized Push Payments Surge to 75% of Banking Fraud

    Payment authorization fraud is targeting online banking customers, according to experts. In fact, security experts say that most online banking fraud occurring today is a result of customers being duped into paying scammers who are posing as a trusted entity. The scammer convinces the target that they are a legitimate entity and eventually tricks the victim…

  • Asic bolsters its cryptocurrency team and looks to regulate more digital assets

    The Australian Securities and Investments Commission has bolstered its cryptocurrency team as it looks to regulate more digital assets by classifying them as financial products, a move that would make selling them to Australians more difficult. Asic has yet to decide whether to classify Ethereum, the second most popular cryptocurrency after bitcoin, as a financial product…

  • Are noncustodial crypto wallets a practical option for the everyday hodler?

    As crypto ownership becomes more and more common, holders will need to think about how they protect and hold their assets. The safest option is storing cryptocurrency in a personal wallet. Crypto wallets are programs that allow users to store, send and receive cryptocurrency. Each wallet has a private key that allows the wallet to be…

  • CoinDCX Twitter locked: Hacking verified accounts a new exploit for crypto scammers

    The Twitter account of the Indian crypto exchange CoinDCX was hacked on September 20. The intruders posted fake Ripple (XRP) promotions embedded with phishing links in an attempt to scam users. “Today, we are pumping XRP. To support our community, we are announcing a 100,000,000 XRP GIVEAWAY. Please note you can receive a bonus once.…

  • Arbitrum Rewards Hacker With 400 ETH For Detecting a Critical $400M Vulnerability

    On September 19, Arbitrum, one of the most popular Layer 2 solutions for Ethereum, paid 400 ETH (about $560,000) to a white hat hacker who found a potential vulnerability in its code. The white hat hacker, known on Twitter as Riptide, finds vulnerabilities within smart contracts written in Solidity. Riptide said the “multi-million dollar vulnerability” could…

  • Colorado is now accepting tax payments in cryptocurrency, as Gov. Polis promised

    The American state of Colorado now accepts cryptocurrency for tax payments, Gov. Jared Polis announced on Monday. The option is already available on the state Department of Revenue website. Colorado tax payments are accepted through the PayPal Cryptocurrency Hub with service fees of $1.00 plus 1.83% of the payment amount. Payments are accepted only from personal…

  • Uganda declares Ebola outbreak after one person dies

    On Tuesday, the World Health Organization confirmed that Uganda has declared an outbreak of Ebola after a case of the Sudan strain was confirmed in the country. The Sudan strain is relatively rare and was identified in a 24-year-old man in the Mubende district. Health authorities in Uganda identified the sample after investigating six suspicious…

  • Spell-Checking in Google Chrome, Microsoft Edge Browsers Leaks Passwords

    Spell-check features in both Google Chrome and Microsoft Edge are reportedly responsible for leaking sensitive user information such as usernames, emails, and passwords to Google and Microsoft. Specifically, the data is harvested when consumers fill in forms on popular websites and cloud-based enterprise apps. The issue was identified by security firm Otto JavaScript Security. According…

  • Video Game Publisher Admits Helpdesk Was Hijacked

    US-based video game publisher 2K has warned players not to click on links received from its help desk in the past few weeks. According to the company, its helpdesk has been breached and the links delivered to its users are fake. The firm released a brief statement on Twitter addressing the risk and stating that…

  • Two-Fifths of US Consumers Suffer Personal Data Theft

    According to a new report from the Identity Theft Resource Center, roughly 40% of US consumers have had their information stolen or compromised within the past year. The research consisted of polling 1371 consumers to determine the rate of repeat identity crimes and data breaches impacting consumers. The study found that the number of repeat…

  • Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access

    A new vulnerability has been disclosed in the Oracle Cloud Infrastructure. According to security researchers at Wiz, the flaw could allow unauthorized access to cloud storage volumes of all users. Therefore, the vulnerability violates cloud isolation. The security flaw has been dubbed AttachMe by researchers and was detailed in an advisory posted by Wiz earlier…

  • Russia’s invasion of Ukraine ‘tramples’ UN charter according to Japan PM

    Fumio Kishida, Japanese Prime Minister, has called for reforms after he expressed disappointment in the United Nations Security Council’s failure to respond to Russia’s invasion of Ukraine. The reforms he called for would allow the UN to better defend global peace and order. The reform proposed addresses the system that gives five states, including Russia,…

  • Myanmar army helicopters fire on school, killing six

    At least 17 children were wounded and six children were killed in Myanmar when army helicopters shot at a school on Friday. The military said it opened fire because rebels were using the school building to attack its forces. The military admitted to opening fire on the school on Tuesday but rejected accusations that it…

  • Unrest Turns Deadly in West Bank as Palestinian Authority’s Grip Loosens

    Earlier this week, Palestinian Authority security forces reportedly clashed with armed groups protesting unrest in the city of Nablus. The individuals were reportedly throwing stones as the unrest has intensified in the West Bank amid a series of Israeli raids and arrests of militants. The conflict left at least one Palestinian dead, and could be…

  • Five people killed in Iran in protests over death of woman in police custody, human rights group says

    Five people have died at the hands of Iranian security forces due to protests that erupted over the death of female prisoner Mahsa Amini. Amini was being held in police custody for roughly a week before her death, which Iranian authorities have classified as a heart attack. Human rights monitor Hengaw Organization for Human Rights…

  • Revolut Breach May Have Hit 50,000+ Customers

    Fintech giant Revolut has reportedly suffered from a serious data breach that may impact 50,000 customers. According to the company, the attack was highly targeted and the attacker was only able to access 0.16% of customers’ data. In addition, the attacker was not able to conduct the attack for an extended period of time. Revolut…

  • American Airlines Breach Exposes Customer and Staff Information

    American Airlines has released a statement confirming that it suffered from a data breach that affected employee inboxes in July. The data breach occurred over the last several days and began with a phishing attack that led to the unauthorized access. American Airlines stated that the threat actor was able to view a limited number…

  • Rockstar Games Confirms ‘Grand Theft Auto 6’ Breach

    Take-Two Interactive Software subsidiary Rockstar Games has confirmed that an unauthorized third party has downloaded files and videos belonging to the company’s flagship game, Grand Theft Auto 6. The hacker allegedly posted a trove of video clips to an online forum this weekend. The data, which contained more than 90 video files, has since been…

  • Starbucks Singapore says customer data illegally accessed in data leak

    Starbucks has confirmed that customers in Singapore have been impacted by a data leak that exposed personal data such as names, birthdates, and mobile numbers. Starbucks stated that credit card details and passwords were not affected; however, it urged its customers in Singapore to change their passwords. The coffee chain released an email notification to…

  • Uganda declares Ebola outbreak after one person dies

    Uganda has declared an outbreak of Ebola after a case of the Sudan strain was confirmed in the country, according to the World Health Organization on Tuesday. The case was confirmed after testing a sample from a 24-year-old man in the Mubende district of the country. The Ugandan health authorities investigated six suspicious deaths in…

  • Water Tank Management System Used Worldwide Has Unpatched Security Hole

    The TMS300 CS water tank management system produced by Irish building materials company Kingspan is vulnerable to attack, according to security researchers. The management system is used in critical infrastructure locations across the world and enables the user to view tank level information via a screen, web server, application, online portal, or email. In addition,…

  • Deadly Donetsk blasts hit separatist-run city in Ukraine

    Thirteen people have been killed and others wounded in a series of explosions that hit the separatist-run city of Donetsk in eastern Ukraine. The mayor of the city, Alexei Kulemzin, has blamed Ukrainian shellfire for the deaths. Donetsk has been controlled by Russian-sponsored authorities since 2014. Independent confirmation of the attack is difficult in…

  • Retired Mexican general arrested over Ayotzinapa students who vanished in 2014

    Retired army general José Rodríguez Pérez was arrested by Mexico in relation to the disappearance of 43 students in the city of Iguala eight years ago. The news was announced by the deputy secretary of security on Thursday; however, he did not specify any of the allegations against Rodríguez. A total of four arrest warrants…

  • Allies Warn of Iranian Ransom Attacks Using Log4Shell

    Cybersecurity agencies that are located in the US, UK, Australia, and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns. The alert was published earlier this week and claims that the Islamic Revolutionary Guard Corps (IRGC) was responsible for multiple attacks that leveraged the VMware Horizon Log4j vulnerabilities on unprotected…

  • Uber Hacker May Have Compromised Secret Bug Reports

    Uber has reportedly been breached again after a threat actor claimed to have accessed its email and cloud systems as well as its internal Slack account and HackerOne tickets. The attack was announced last week and could have major effects on the ride-share company. The hacker allegedly sent screenshots to news outlets and security companies…

  • CISA Expands Vulnerabilities Catalog With Old, Exploited Flaws

    The Cybersecurity and Infrastructure Security Agency (CISA) has recently added six previously identified flaws to its Known Exploited Vulnerabilities Catalog. The addition was made last week, and the vulnerabilities are a frequent attack vector for threat actors, the agency stated. CISA also noted that the flaws, although old, pose a significant risk to the…

  • Notepad++ Plugins Allow Attackers to Infiltrate Systems, Achieve Persistence

    Security firm Cybereason has suggested that threat actors could exploit Notepad++ plugins to get around security mechanisms and achieve persistence on the victim’s machine. A security researcher by the name RastaMouse was able to provide a demonstration showing how a malicious plugin could be used as a persistence mechanism. Cybereason released an advisory pertaining to the…

  • Fake cryptocurrency giveaway sites have tripled this year

    The number of websites promoting cryptocurrency giveaway scams to lure gullible victims has increased by more than 300% in the first half of this year, targeting mostly English and Spanish speakers using celebrity deepfakes. Security researchers at cybersecurity company Group-IB have identified more than 2,000 domains registered in 2022 specifically for this purpose. A report published today…

  • Will the Ethereum Merge leave the crypto at greater risk of hacking?

    If all’s gone according to plan, the Ethereum (CRYPTO: ETH) Merge should officially be complete this morning. If you’re unfamiliar, the Ethereum Merge refers to the crypto’s transition from a proof of work (PoW) protocol to a proof of stake (PoS) protocol. We won’t take a deep dive into the details of the transition here.…

  • Treasury recommends exploring creation of a digital dollar

    The Biden administration is moving one step closer to developing a central bank digital currency, known as the digital dollar, saying it would help reinforce the U.S. role as a leader in the world financial system. The White House said on Friday that after President Joe Biden issued an executive order in March calling on…

  • White House Releases ‘Comprehensive Framework’ for Crypto Regulation and Development

    The White House has today released a “First-Ever Comprehensive Framework for Responsible Development of Digital Assets” outlining the conclusions and recommendations of various federal agencies after six months of studying the crypto industry. The directive to research crypto was given in President Biden’s executive order, signed in March this year. Like the executive order, today’s “Comprehensive…

  • Malware on Pirated Content Sites a Major WFH Risk for Enterprises

    A recent investigation conducted by Digital Citizens Alliance and brand protection firm White Bullet has found that sites containing pirated movies, and potentially malware, pose a risk for enterprises and work from home employees. The investigation found that most pirate sites actually generate a substantial portion of their revenues by infecting devices with malware. The…

  • YouTube Users Targeted By RedLine Self-Spreading Stealer

    According to cybersecurity researchers at Kaspersky, threat actors have launched a campaign against YouTube users leveraging the RedLine information stealer. The cybersecurity company published an advisory warning about the campaign earlier this week. RedLine was discovered in March 2020 and is one of the most common Trojans utilized by hackers to steal passwords and credentials.…

  • Uber Hacker May Have Compromised Secret Bug Reports

    Yesterday, Uber posted on Twitter confirming that it was dealing with a cybersecurity incident. Security researchers have stated that it seems like Uber may have been breached again after a threat actor reportedly accessed the company’s email and cloud systems. In addition, the hackers may have breached Uber’s code repositories, internal Slack account, and HackerOne…

  • Germany seizes Russian oil firm Rosneft’s refineries

    Germany has taken control of the German side of operations of a Russian oil firm, Rosneft, to secure energy supplies. Energy supplies have been largely disrupted since Russia’s invasion of Ukraine. Rosneft’s German subsidiaries account for approximately 12 percent of the oil refining capacity in the country and were placed under the trusteeship of the…

  • China and Russia present united front at summit as Ukraine war risks exposing regional divisions

    Chinese leader Xi Jinping and Russian President Vladimir Putin will sit down with other Asian leaders at a summit in Central Asia on Friday. At this summit, the two leaders are expected to present a united front against the United States and its allies. The two countries have a “no-limits” relationship; however, there are differences…

  • Floods and rain kill at least ten overnight in Italy

    Flash floods hit the Italian region of Marche overnight and have killed at least 10 people. The torrential rain fell late on Thursday night and caused rivers and streams to overflow. The rivers inundated coastal towns around the regional capital of Ancona.  Approximately 16 inches of rain were recorded over the course of a few…

  • Hundreds of graves found in liberated Izyum city – Ukrainian officials

    Days after Izyum was re-taken from Russia by Ukraine, Ukraine has announced that it has found hundreds of graves outside of the city. The graves were marked with wooden crosses, most were marked with numbers, and were found in a forest outside the city by Ukrainian forces. Authorities are planning on exhuming some of the…

  • 10 examples of smart contracts on blockchain

    With smart contracts’ rapid growth, IT leaders should understand the role those contracts could play within an enterprise technology ecosystem. Smart contracts on blockchain have the potential to streamline certain business processes and some business and IT leaders are looking at the potential use cases, such as in the area of advertising and healthcare. But smart…

  • Can ‘the Merge’ Save Crypto?

    Crypto could use a bit of good news these days. And on Wednesday, it got some. Ethereum, the most popular crypto platform, appears to have successfully upgraded its software architecture from a type of blockchain known as “proof of work,” which it has run since its inception in 2015, to a type of blockchain known as…

  • Investors say regulation needed to assuage crypto concerns

    Though many public pension funds have shied away from digital assets tied to cryptocurrencies and the blockchain, some are nevertheless moving forward with small investments in this potentially transformational yet volatile sector. Last year, for example, the $5.3 billion Houston Firefighters’ Relief and Retirement Fund decided to establish a $25 million portfolio in crypto assets. The…

  • North Korea Stole Approximately $1B of Cryptocurrency in 2022

    The most worrisome trend in crypto crime is the startling increase in funds stolen from DeFi protocols, particularly the cross-chain bridges. A significant portion of the value stolen through DeFi protocols can be traced back to malicious actors with ties to North Korea. Highly skilled hacking groups such as Lazarus Group have taken credit for…

  • Cryptocurrency is picking up as an instrument for tyranny

    Proponents paint Bitcoin (BTC) and other cryptocurrencies as antidotes to totalitarian governments and central banks. Simultaneously, international corporations and startups alike have designed blockchain platforms and products that could be used on behalf of totalitarian governments and central banks. One example is Microsoft, which applied for a patent for a cryptocurrency system using body activity data.…

  • Vulnerabilities Found in Airplane WiFi Devices, Passengers’ Data Exposed

    Two critical vulnerabilities have been detected in wireless LAN devices produced by Contec. The devices are used in planes to provide internet connectivity to passengers while in-flight. The flaws were discovered by a pair of researchers at Necrum Security Labs. The security researchers found that a hidden page not listed in the Wireless LAN…

  • User Alert as Phishing Campaigns Exploit Queen’s Passing

    Threat actors are capitalizing on the death of Queen Elizabeth II to lure targets into clicking on phishing links that request Microsoft credentials. Experts at Proofpoint posted a screenshot yesterday that revealed the phishing emails appear as though they are being sent from the tech giant itself. The headline claims to be memorializing the late…

  • SparklingGoblin APT Targeted Hong Kong University With New Linux Backdoor

    The SideWalk backdoor has been leveraged by a threat actor group seeking to target a Hong Kong university. The attack reportedly occurred in February 2021 and was perpetrated by the SparklingGoblin advanced persistent threat group. The attackers sought out the Linux variant of the backdoor to hack into the university’s systems during student protests that…

  • Spain, Europol arrest ‘one of Europe’s biggest money launderers’

    European police have arrested one of Europe’s biggest money launderers in a raid in southern Spain. The suspect, a British-Irish man, is believed to have laundered more than 200 million euros in illicit money. The operation was led by Spain’s Guardia Civil and coordinated by Europol. The operation is seen as a blow to the…

  • Armenia reports ceasefire after new border clashes with Azerbaijan over Nagorno-Karabakh

    Late on Wednesday, a truce was reached between Armenia and Azerbaijan according to a senior Armenian official. The truce comes after two days of violence related to a decades-long dispute between the two countries over the territory of Nagorno-Karabakh. This conflict was the deadliest exchange between the two countries since 2020.  Russia is the primary…

  • DOJ charges 3 Iranians with hacking hundreds of U.S. computers to extort ransom

    The Justice Department announced charges Wednesday against three Iranian men accused of hacking into hundreds of U.S. computer systems, encrypting data and extorting victims for ransom. Victims of the scheme included a township in Union County, New Jersey, and a county government in Wyoming; accounting firms in New Jersey and Illinois; power companies in Indiana…

  • A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

    We have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used for developing and deploying high-traffic enterprise applications on cloud environments and engineered and conventional systems. One of the older vulnerabilities that is still being actively exploited by malicious actors…

  • Ethereum Merge: How one big cryptocurrency is going green

    The second biggest cryptocurrency, Ethereum, is about to switch over to a new operating model that uses 99.9% less energy. The change, called The Merge, is designed to win over critics who see cryptocurrencies as environmentally harmful. Ethereum currently uses as much energy as a medium-sized country. Other cryptocurrencies, including the biggest, Bitcoin, will remain…

  • South Korea issues arrest warrant for developer of failed cryptocurrency Luna

    A South Korean court has issued an arrest warrant for Do Kwon, the primary developer of cryptocurrencies Luna and TerraUSD, whose spectacular collapse in May roiled crypto markets around the world. Kwon, also the founder of blockchain platform Terraform Labs, has been accused of fraud by investors in the wake of the collapse. “An arrest warrant…

  • SWIFT Financial-Messaging System Pilots Blockchain Project

    SWIFT, the messaging system used by financial institutions globally to convey instructions on tens of millions of transactions each day, is testing out blockchain. The Society for Worldwide Interbank Financial Telecommunication, or SWIFT for short, is piloting a project with fintech company Symbiont Inc., according to a post seen by Bloomberg. The collaboration, which includes Citigroup…

  • U.S. to Transfer Afghan Funds to Swiss Bank for Safekeeping

    On Wednesday, the US announced that it plans to transfer billions of dollars in frozen Afghani assets to a fund in Switzerland. This will effectively shelve talks that discuss recapitalizing the central bank despite the Taliban rule. The assets consist of roughly 7 billion USD. The Swiss bank, the Bank for International Settlements, will guard…

  • EU chief proposes energy market reform, $140bn revenue cap

    The president of the European Commission, Ursula von der Leyen, has unveiled legislation to impose windfall levies worth $140bn on energy companies. This legislation is a bid to lessen the effects of increasing gas and electricity prices that have threatened economies and household electricity bills.  The legislation was announced in her State of the European…

  • Russia covertly spent $300m to meddle abroad – US

    Since 2014, Russia has covertly spent over $300m to influence politicians in more than 24 countries according to allegations by the US. The Department of State made this allegation after a US intelligence assessment was declassified and released on Tuesday.  Russia has not publicly commented on the issue of meddling abroad. American intelligence suggests that…

  • Cyberattackers Abuse Facebook Ad Manager in Savvy Credential-Harvesting Campaign

    According to security researchers at Avanan, attackers are using the power of Facebook’s branding to craft emails that seem to be legitimate Facebook Ads Manager communications. The attackers are seeking credentials and attempt to lure targets into giving up logins and credit card information under the guise of Facebook ads. Avanan released a report on…

  • Microsoft Raises Alert for Under-Attack Windows Flaw

    On Tuesday, Microsoft released a warning stating that its security teams had detected zero-day exploitation of a critical vulnerability that had been previously disclosed. The vulnerability lies in the Windows platform and was fixed in the latest batch of Patch Tuesday updates. However, attackers are now actively exploiting the flaw to gain system privileges on…

  • ShadowPad-Associated Hackers Targeted Asian Governments

    Threat actors associated with the ShadowPad remote access Trojan have implemented a new toolset to assist its campaigns. The group is targeting various government and state-owned organizations spanning multiple Asian countries, according to Symantec. Symantec released an advisory regarding the threats earlier this week. In the report, the security firm states that it is likely…

  • DDoS Attacks on UK Firms Surge During Ukraine War

    According to recently compiled data, the volume of DDoS attacks that targeted UK financial institutions surged during the first few months of the Ukrainian war. The information was obtained from the industry regulator via the new Freedom of Information data. The Financial Conduct Authority revealed that there have been 14 DDoS attacks so far in…