To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs.

The Cybersecurity and Infrastructure Security Agency (CISA) has released two cybersecurity playbooks that focus specifically on incident and vulnerability response. The guides were released in response to an executive order signed in May by President Joe Biden. The executive order was focused on improving the nation’s cybersecurity readiness. The order

In a recent 4-month long workshop, over 70 experts explored the concept of creating a “Cyber NTSB”. This workshop topic is consistent with themes like innovation and design processes for innovation, which cut across much of our recent OODA Loop research and analysis.  It all starts with a design metaphor. This recent workshop used the National Transportation Safety Board as a design analogy/metaphor for a National Cyber Safety Board/National Cyber Security Board (NCSB). Specifically, innovation in “lesson-learning systems” for cybersecurity and cyber incidents – taking design process inspiration from the aviation safety models of the NTSB – was the goal of this “Cyber NTSB” workshop.

The NSA and CISA have released a detailed guide pertaining to how organizations and individuals should select virtual private networks as they remain actively under attack and face exploitation from nation states and cybercriminals alike. The guide also features details on ways to deploy a VPN securely. The NSA stated

Earlier this week, the US FBI and Cybersecurity and Infrastructure Security Agency released a joint advisory warning the public of alleged active exploitation of a critical vulnerability found in a popular password management solution called Zoho. Zoho’s ManageEngine AdSelfService Plus, a tool that aids users in creating strong passwords and

A critical security vulnerability that lies in the Zoho ManageEngine ADSelfService Plus platform is being actively exploited in the wild as a zero-day, according to the Cybersecurity and Infrastructure Security Agency (CISA). The bug could allow remote attackers to bypass authentication and have access to users’ Active Directory and cloud

The FBI and Cybersecurity and Infrastructure Security Agency have released a joint advisory warning of potential cyberattacks over Labor Day weekend. The agencies noted that cyberattackers have launched dozens of devastating attacks over long weekends in past years. They urged organizations to take extra steps to secure their systems and

REvil, the group behind the damaging supply chain ransomware attack on a US software company Kaseya, has reportedly demanded $70 million in return for a universal decryption key. Researchers claim that there could be as many as 1,500 companies impacted globally. It is unclear which ransomware affiliate was used to

US and UK authorities have declared that a known advanced threat actor, APT28, also referred to as Fancy Bear or Strontium, has been tied to a range of brute-force password spraying attacks against hundreds of government and private sector targets worldwide, including European governments and military. The joint alert was

Apple has released security updates for vulnerabilities under active attack and affecting multiple products, including iOS, WatchOS, and iPadOS. The patches fix WebKit flaws that can be exploited by threat actors by utilizing maliciously crafted web content that ultimately leads to arbitrary code execution, according to Apple. The statement released