Home - Red Sky Alliance

Red Sky Alliance

Wapack Labs has operated Red Sky Alliance for over seven years. We are a trusted group of organizations, large and small, sharing information about targeted, advanced, and emerging cyber threats in a private secure portal.

Red Sky Alliance offers TLP White and Green reporting that can satisfy most any situational awareness need, with reports, forums and people to ask questions of - Sign up Now for FREE Membership and Access to all Content.

Get Advice, Intelligence, & Help.

The Red Sky Alliance portal offers cyber security reporting and training materials that can help your company meet the cyber threat challenges of today.

Sign up Now for FREE Membership and Access to all Content.

X-Industry

Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution

Posted by Matt Weidner on June 21, 2019 at 11:11am

Vulnerability in Mozilla Firefox Could Allow for Arbitrary Code Execution[1]

A vulnerability has been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), which could allow for arbitrary code execution.[2] Mozilla Firefox is a web browser…

RUSSIA COOPERATING WITH CHINA ON BELT AND ROAD PROJECTS

Posted by Bill Schenkelberg on June 21, 2019 at 11:07am

SUMMARY

Russian President Vladimir Putin and Chinese President Xi Jinping have met twice already in 2019 for summits on economic cooperation. A series of agreements has been concluded at these meetings, mostly focused on Russian cooperation on China’s Belt and Road infrastructure construction. Putin had initially been hesitant to join in…

IR-19-164-001 PHP Exploit Attacks from Conficker Botnet

Posted by Aureanna Hakenson on June 14, 2019 at 5:47pm

Beginning in April 2019, Wapack Labs SOC observed an uptick in alerts for inbound PHP exploit attempts affecting multiple clients. These alerts indicate attacks on vulnerable systems through the use of malicious PHP code in HTTP requests. If these attacks are successful, they can result in data exfiltration as well as remote control of victim servers.

Allantibots

Posted by Christopher Hall on June 14, 2019 at 1:46pm

Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These are often obtained through phishing campaigns intended to trick users into entering their personal data. In June 2019, Wapack Labs identified one such campaign that is leveraging a large infrastructure and a phishing kit dubbed ‘Allantibots’. Allantibots is a sophisticated phishing package and is characterized by its ability to spoof the…

RedXray

RedXray, Daily Cyber Risk Management Reporting

How do you know if your supplier, customer, partner, member or subsidiary is in cyber trouble? Is your organization at business risk due to unreported cyber threats? What about your subsidiary locations, members or suppliers? Can they recover from the financial losses suffered by a business interruption, financial loss or ransomware? RedXray notifies you of nine (9) cyber threat categories in your enrolled named entities for any industry segment. For use in supply chains, you can see who is at risk on daily basis to help you comply with NIST 800-171 rules. There are multiple use applications; Banking & Finance, INFOSEC Firms, Insurance, Auto Dealerships, Manfacturing.

If a supplier, customer or partner is having cyber issues, you can identify the problem quickly and easily and mitigate losses immediately.For more information and how to order, please visit https://www.wapacklabs.com/redxray

Wapack Labs in the News

On - Demand, Red Sky Alliance Threat Brief Broadcast.

Please join us every week for an, on demand, rebroadcast of our Weekly Red Sky Alliance Threat Brief, a succinct summary of current threat activities designed to inform your decision-making. Listen in on what our Wapack Labs analysts have been working on.

Register Here, Watch Now
See you online!

Cyber Security Blog

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance

Comments

Austin Talbot June 21, 2019 at 2:50pm

The maritime watch list and Vessel Impersonation reports for the week of 06 21 2019 are now posted in the Transportation Section.
Bill Schenkelberg June 21, 2019 at 1:34pm

Interesting article that complements our past reports on China and the Belt and Road initiatives. See our current report: RU Cooperation with CN on Belt and Road Projects.

https://www.nationalreview.com/magazine/2019/07/08/how-china-weapon...

How China Weaponized the Global Supply Chain | National Review

Ports, containers, and the Internet are now means for Beijing to project power.
Matt Weidner June 20, 2019 at 5:50pm

Mozilla patches a critical Firefox remote code execution bug. It is actively being exploited in targeted phishing attacks to deliver malware payloads. Update to 67.0.4 to fix the vulnerability. https://www.bleepingcomputer.com/news/security/mozilla-firefox-6704...

Mozilla Firefox 67.0.4 Fixes Second Actively Exploited Zero-Day

Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinb…
Bill Schenkelberg June 20, 2019 at 10:58am

Ship AIS manipulation, in Transportation Section
Bill Schenkelberg June 18, 2019 at 1:20pm

War Risk Marine Insurance Soars - Transportation Section
Austin Talbot June 14, 2019 at 6:04pm

The maritime watch list and Vessel Impersonation reports for the week of 06 14 2019 are now posted in the Transportation Section.
Yury Polozov June 14, 2019 at 5:01pm

Address Bar Spoofing in The Wild

You often hear to pay attention to the address bar to check if the domain you see in your Internet browser is actually the one you intended. But hackers can sometimes spoof that too. In June 2019, Wapack Labs discovered a long-running campaign utilizing this address bar spoofing vulnerability that was fixed in Microsoft Edge, but still works in some mobile Safari version despite being reported years ago.

This results in the phishing page being displayed while the valid URL is in the address bar. The following image shows this exploit in action. The only indicator that it’s a phishing page is the misspelling in the form (brith instead of birth). This vulnerability (CVE 2018-8383) was originally reported back in 2015 and still has not been patched by Safari.

Download the whole report: https://redskyalliance.org/finished-analysis/allantibots

Allantibots

Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These…
Bill Schenkelberg June 14, 2019 at 3:24pm

Summer Travel and cyber security - Transportation
Bill Schenkelberg June 14, 2019 at 3:14pm

06 14 2019 Oil and Gas brief in Oil and Gas Section
Jonathon Sweeney June 14, 2019 at 1:41pm

Wapack Labs has been tracking sextortion cases for years. Thieves are posing as a CIA officer sending emails to victims claiming that the victim has been viewing child pornography and is going to be arrested unless they pay $10,000 worth of bitcoin to the attacker.

Notes:

1. If you do not view child pornography, you should know this is fake.

2. The CIA is not going to reach out to pedophiles warning them that they are about to be arrested.

3. If a CIA officer were to ever accept a bribe, it's extremely unlikely that they would ask for it via email.

https://securityaffairs.co/wordpress/86899/cyber-crime/cia-extortio...

of 10

This reply was deleted.

Note: this page contains paid content.

Comments