Category: Threat Brief

Journalists In Danger of Cyber Espionage: Lessons from Jamal Khashoggi murder

BBC news ran a piece titled “Jamal Khashoggi: Saudi murder suspect had spy training” which provides more details on one of the 15-member team sent to kill Jamal Khashoggi. Maher Abdulaziz Mutreb was trained in how to use offensive spyware technology as part of nation-state sponsored efforts for the Saudi state.

A source described how Mr. Mutreb spent time in a course with him in 2011 learning to use tech his company was providing the Saudi government so it could carry out targeted attacks on the phones and computers of its own citizens.

From the BBC report:

“This information might have been basically everything from [their] GPS position, conversation, microphone audio around the device itself, camera pictures, files on disk, emails, contacts, everything that was on the device itself.”

The tools he was trained in, the source said, were similar to other tools which, according to Citizenlab and Amnesty International, were recently used against several of Mr Khashoggi’s friends.

We have a recommendation for all journalists as well as anyone else seeking to make it harder to be spied upon. Take action now to raise your defenses by reviewing the OODA Guide to Cybersecurity Best Practices.

And for external review of your cybersecurity posture see OODA LLC offerings in:

Technology Due Diligence – CTO as a service – CISO as a Service


Protect Your Network At Home And Sense When WiFi Enabled Devices Come Close To You With Fingbox

Fing is a nice app that runs on your smartphone or tablet that will show you who else is on your network. It puts an interface on capabilities like Ping, Traceroute and many others and presents information in a way that is fast. You can find links to download the app at Next time you decide to join a public WiFi network at a conference or hotel you can launch Fing and see how they have configured the network and if you can see others on the net. Note: The Fing app works a bit better on Android, for now. Apple has restricted the ability of applications to see some technical info (specifically MAC addresses). But the greatest functionality of the app is its connectivity to the device mentioned below, the FingBox. So don’t let the lack of ability to scan MAC addresses deter you from downloading the app.

Fing now has something that makes it far more powerful than just an app on your mobile device. They offer a device for your home network called the Fingbox. This adds network security and troubleshooting to watch over your network and give you control to block users you don’t want in your net. It detects intruders, manages devices authorized to use your network and also analyzes the quality of your WiFI and Internet connections. Fingbox also gives you parental controls.

Another really neat thing it will do is give you a “WiFi Fence” around your home. This of this like having a magic super power. You can set it to give you alerts when any device comes near your home. Imagine getting an alert when the mailman approaches or when the pizza delivery guy gets near. Imagine getting an alert when a bad guy comes close at night. Or would you like to know when a WiFi enabled drone is within range of your house?

I love the Fingbox and mostly highly recommend it to anyone with WiFi at home. Find it here.

Track The Technological Dimensions of The Cyber Threat With CTOvision

CTOvision reports on all the megatrends driving the future of IT, including trends in cybersecurity. More importantly, we track how the functionality of Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics and the Internet of Things will require new approaches to cybersecurity.

If you enjoy the daily Threat Brief we know you will enjoy CTOvision. Sign up for our newsletters at:

Want to mitigate digital risks? Don’t get another assessment, get an assistance visit

The Daily Threat Brief  is designed to give you awareness of risks, so you can mitigate them!

Our team has a track record of safeguarding some of the nation’s greatest secrets, equipping U.S. leadership with actionable intelligence that helps protect lives and driving technology innovation that has kept key agencies generations ahead of our adversaries.

Reply to any of our products to ask for more information on how we can serve your efforts.

For more on what we do and to engage us in a dialog see: Crucial Point

We are now part of OODA, offering: Technology Due Diligence – CTO as a service – CISO as a Service

Reference To Open Source Threat Assessments

The Daily Threat Brief aims to provide the gist of current trends in adversary behavior and insights into mitigation strategies that are working. We also report on the results of longer term studies and provide the results of research from our own staff and from highly regarded sources in the cybersecurity community. We also keep lists of references to help you to dive deeper into the threat yourself. You can find a short list of key sources on our Threat References page.

We summarize strengths and weaknesses of the most reputable open source intelligence reports. See summaries of them at the following links:

We would love your inputs on this list. Do you have a favorite open source research report we should make the community aware of? Reply to our newsletter with any inputs.

Also see:


Threat Brief Makes People Magazine

When People Magazine decides they need to start reporting on the cyber threat you know we are living in dangerous times. We have always believed more people should be informed of the threat and should work to mitigate risks, and are happy to have been a part of recent reporting in People.


In it, Threat Brief publisher Bob Gourley of OODA provides tips for the average computer user including:

  • Stay aware of the threat
  • Pick passwords that are impossible to guess but easy to remember (tips are given in the article)
  • Don’t use free email from your isp. Use Google mail.
  • Use two factor authentication whenever you can.
  • Look for spoofed emails and links
  • Use a password manager like Dashlane
  • Know what https is and how to spot it in your browser

For more tips including ways to significantly reduce your risk see our services in Technology Due Diligence – CTO as a service – CISO as a Service.

The Cyber Threat Provides New Insights Into Bad Actors

The Cyber Threat was written to help executives, especially those without a deep background in cybersecurity, understand the nature of adversaries in cyberspace. The book includes a new section on the technological environment that can help decision-makers get their heads around the new tech enabled world arising around us. The book also captures key lessons from the most important cyber attacks in history, providing insights any modern executive can benefit from knowing.

Now more than ever, organizations need their executives and workforce to have a better grasp of the threats to business outcomes outlined in this book.

The book is available in paperback and electronically via Kindle.

For more info and to order see: The Cyber Threat.

What They Are Saying

“The Cyber Threat captures insights into dynamic adversaries that businesses and governments everywhere should be working to defeat. Knowing the threat and one’s own defenses are the first steps in winning this battle.”
Mike McConnell, Admiral, USN (Ret), Former Director of National Intelligence and Director, NSA

“There are no excuses anymore. Trying to run a business without awareness of the cyber threat is asking to be fired. The Cyber Threat succinctly articulates insights you need to know right now.”
Scott McNealy, Co-founder and Former CEO, Sun Microsystems and Chairman Wayin

“When I’m researching my own books, I always turn to Bob Gourley. I make diasasters up. He’s seen them for real. And most important, he knows how to stop them. Read this. It’ll scare you, but also protect you.”
Brad Meltzer, #1 bestselling author of The Inner Circle

“The insights Bob provides in The Cyber Threat are an essential first step in developing your cyber defense solution.”
Keith Alexander, General, USA (Ret), Former Director, NSA, and Commander, US Cyber Command

“Vaguely uneasy about your cyber security but stumped about what to do? Easy. READ THIS BOOK! “The Cyber Threat” will open your mind to a new domain and how you can make yourself safer in it.”
Michael Hayden, General, USAF (Ret), Former Director, NSA and Director, CIA

“Bob Gourley was one of the first intelligence specialists to understand the complex threats and frightening scope, and importance of the cyber threat. His book can give you the edge in what has emerged as one of the most compelling, mind-bending and fast moving issues of our time.”
Bill Studeman, Admiral, USN (Ret), Former Director, NSA and Deputy Director, CIA

For more see:

The Threat Brief: Now powered by

We have some exciting news to share.

We are combining our efforts with the analysts and researchers of to provide enhanced reporting and analysis on threats and opportunities. The result: A new daily product of hand-curated cyber and risk intelligence that is more informative and more actionable.

You should see your first OODA Loop Daily Briefing on Tuesday 8 January 2019 shortly after 10am eastern.

Please let me know what you think of the new format. You can always reply to any of our newsletters to get directly to me.

Your subscription is still under your control. You can use the self service capabilities of MailChimp to update your email address, suspend delivery or unsubscribe using the links at the bottom of any of our emails.

Thank you and Happy New Year!

Bob Gourley


The attack surface is growing faster than it has at any other point in the history of technology

Avast launched its annual Threat Landscape Report, detailing the biggest security trends facing consumers in 2019 as collected by the Avast Threat Labs team.

“This year, we celebrated the 30th anniversary of the World Wide Web. Fast forward thirty years and the threat landscape is exponentially more complex, and the available attack surface is growing faster than it has at any other point in the history of technology,” commented Ondrej Vlcek, President of Consumer at Avast.

Read about the findings of the new Avast report on Help Net Security.

Security analytics to reach $12 billion by 2024

Amid a maelstrom of cybersecurity threats and rampant hacking attempts that leverage the power of the IoT against itself, organizations are forced to realize that they are on the losing side of this war.

As such, market vendors have no choice but to enhance their cybersecurity arsenal with more sophisticated tools which allow a deeper understanding of their users, devices, and systems. This will drive the security analytics market toward an impressive revenue of $12 billion by 2024, according to ABI Research.

Read more about the prognosis by ABI Rresearch on Help Net Security.