
Red Sky® Alliance

Wapack Labs has been serving information security professionals for over eight years. We invite businesses and organizations, from enterprise to small business, to learn more about cyber threats and how to avoid them. In our private portal we provide reports, indicators, references and training about targeted, advanced and emerging cyber threats.

Red Sky® Alliance offers TLP White and Green cyber threat reporting for targeted industry segments, international reports and malware/bot analyses.

Let us better prepare you and your team for new cyber threats.

Signing up for access to all content is simple: just enter your name and email address. Redskyalliance.org is free to members, and no salesperson will call.

DHS Warns of Russian Cyber Attack

The U.S. Department of Homeland Security is reportedly warning that the U.S. could face a retaliatory cyberattack by Russia if the U.S. responds to a potential Russian invasion of Ukraine, where 100,000 or more Russian troops have been massed for weeks. According to a DHS Intelligence and Analysis bulletin dated 23 January 2022 and sent to law enforcement agencies…


Ships & STRRAT

Shipping is an indispensable part of modern life. It is the lifeblood of the global economy, with numerous large companies (and their equally large container ships) perpetually moving goods from one corner of the earth to the other to provide consumers and industries with the necessities of life. Due to the critical importance of shipping and receiving goods to most organizations,…


The Evolution of Keyloggers

Keyloggers have been around for decades. They have constantly adapted to the changing technology landscape and remain an effective method used by attackers to obtain information about computer users. In this report we take a look at what keyloggers do, how they have changed, and what keyloggers to look out for going forward.

Keyloggers are software or hardware devices used to…


Red Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing…


It’s About Time; But Wait, More Evidence

On 20 January 2022 the US Federal Energy Regulatory Commission (FERC) announced a proposal to strengthen its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high- and medium-impact bulk electric system cyber systems.

The Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric…


A Look at Earth Lusca

Since mid-2021, Trend Micro analysts have been investigating a threat actor called Earth Lusca (EL) that targets organizations globally via a campaign that uses traditional social engineering techniques such as spear phishing and watering holes. This group’s primary motivation seems to be cyberespionage: the list of its victims includes high-value targets such as government and…


Activity Summary - Week Ending 21 January 2022:

  • Red Sky Alliance identified 34,423 connections from new IPs checking in with our Sinkholes
  • Microsoft IP hit again
  • Analysts identified 4,093 new IP addresses participating in various Botnets
  • SysJoker Backdoor
  • Konni Campaign
  • Take Down of VPNLab.net
  • Russia shuts down…

Diabolical ‘Diavol’ Ransomware

US Department of Justice (DOJ) authorities first became aware of Diavol ransomware in October 2021. Diavol is allegedly associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of…


In the News

Red Sky Alliance

For more information about Red Sky Alliance, follow the link, ABOUT

Webinars

Please join our REDSHORT webinar: 'RED' as in something important from Red Sky Alliance, and 'SHORT' as in 10 minutes or less, twice a month. We cover highlights of one or two trending topics and trending cyber indicators, and include a link to a detailed report we will share. Our Encore presentations, also twice a month at the same place and time, replay previous webinars. Questions on any of these webinars can be answered in our redskyalliance.org Cyber Security Blog.


Cyber Security Blog


Comments

  • 12-year-old Linux polkit privilege escalation, SEVERE vulnerability

    A 12-year-old Linux bug affecting all major Linux distributions has surfaced, allowing attackers to obtain administrative-level privileges. Local account access is required to exploit this vulnerability. The vulnerability poses a high risk to Linux systems and is easy to exploit.

    According to the Qualys report:

    "pkexec is installed by default on all major Linux distributions (we exploited Ubuntu, Debian, Fedora, CentOS, and other distributions are probably also exploitable)"

    As a testament to the ease of exploitability, a publicly available exploit was published less than 3 hours after Qualys's publication.

    Due to the ease of exploitation and the severity of the vulnerability, we recommend mitigating Linux systems immediately.

    Recommended mitigation (until a vendor patch is available) is to remove the SUID bit from the /usr/bin/pkexec executable using the following command:

    # chmod 0755 /usr/bin/pkexec

    Reference:
    https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
    https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/...
    https://access.redhat.com/security/cve/CVE-2021-4034
    https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
    https://ubuntu.com/security/CVE-2021-4034
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034
    https://github.com/arthepsy/CVE-2021-4034
  • Check out the new indicator black lists in the Indicators section.
  • Happy New Year 2022. Let's beat COVID this year.
  • Happy New Year - 2022
  • Happy Holidays to all our members.
  • Log4j2
    https://www.fortiguard.com/outbreak-alert/log4j2-vulnerability
  • I am making a presentation for the Southwest Cybersec Forum on Monday, 06 December. Please join me if you can: http://www.southwestcybersecforum.com/
  • In another attempt to disrupt the maritime supply chain, Bureau Veritas (BV) was hit with a cyber-attack. BV handles vessel/ship classification.
  • From our Friends at the NH Information and Analysis Center: The below tips are just a few reminders of how to be cyber-safe during the holiday season.
    • Use caution with e-mails. Avoid clicking on links in unsolicited or suspicious emails and be wary of email attachments. It is always best to go to the site by searching the known and trusted URL and not using the one provided to you. It is also important to verify the sender by contacting them through a known and trusted contact method.
    • Be mindful of scam calls and text messages. It is important to only shop through trusted sources and do not give out personal information over the phone unless it is a trusted source.
    • If it sounds too good to be true, it likely is. Whether the cyber actor is redirecting you to a fake, fraudulent site that appears to be legitimate or is posting a malvertisement (malicious advertisement) with the goal of spreading malware to your system, it is important to verify all ads by going directly to the known, trusted site.
    • Don’t share your information. Most retailers do not need to know your date of birth or social security number for you to simply purchase a gift or gift card. If a retailer is asking for this information, be wary and consider shopping elsewhere.
    • Check your online statements frequently. This will help prevent and catch any criminals in the act of using your credit or debit cards.
  • Check out the updated Indicators section.
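The polkit workaround given in the comment above (chmod 0755 /usr/bin/pkexec, per the Qualys advisory for CVE-2021-4034) is easy to apply but just as easy to apply without checking the result. The following is an added example, not code from any comment on this page nor from Qualys: a POSIX sh script that reports whether a pkexec binary still carries the set-user-ID bit, applies the chmod on request and then re-checks the mode so the mitigation is verified rather than assumed. The default path /usr/bin/pkexec is the one the comment names; the PKEXEC_PATH override and the --fix flag are my own conventions so the functions can be exercised on a scratch file without touching the real binary.

```shell
#!/bin/sh
# Added example (not from the Red Sky Alliance page or the Qualys advisory):
# check for, and optionally apply, the CVE-2021-4034 interim workaround of
# removing the SUID bit from pkexec. Runs in plain POSIX sh.

# pkexec_is_suid PATH
#   exit 0 if PATH exists with the set-user-ID bit set,
#   exit 1 if it exists without the bit,
#   exit 2 if the file is absent (polkit not installed, or a non-standard path).
pkexec_is_suid() {
    path="${1:-/usr/bin/pkexec}"
    [ -e "$path" ] || return 2
    [ -u "$path" ] && return 0     # test -u: set-user-ID bit present
    return 1
}

# pkexec_status PATH -> prints one word: suid | clean | absent
# (written with "|| rc=$?" so it stays safe under "set -e")
pkexec_status() {
    rc=0
    pkexec_is_suid "${1:-/usr/bin/pkexec}" || rc=$?
    case $rc in
        0) echo suid ;;
        1) echo clean ;;
        *) echo absent ;;
    esac
}

# pkexec_mitigate PATH
#   Applies the advisory's workaround (chmod 0755) when the bit is set, then
#   re-reads the mode: exit 0 only if the bit is confirmed clear afterwards.
#   An absent file is reported as success (nothing to mitigate).
#   Caveat: without SUID, pkexec cannot elevate privileges at all, so this is
#   a stopgap until the distribution's patched polkit package is installed.
#   Note also that a patched polkit still ships pkexec set-UID root, so a
#   "suid" result alone does not prove the host is unpatched; check the
#   package version as well.
pkexec_mitigate() {
    path="${1:-/usr/bin/pkexec}"
    case "$(pkexec_status "$path")" in
        suid)   chmod 0755 "$path" || return 1 ;;
        absent) return 0 ;;
    esac
    [ "$(pkexec_status "$path")" = "clean" ]
}

# Stand-alone use: report on the real binary (read-only, safe as any user);
# pass --fix to apply the chmod, which needs root. PKEXEC_PATH overrides
# the target, e.g. for testing against a scratch file.
target="${PKEXEC_PATH:-/usr/bin/pkexec}"
case "$(pkexec_status "$target")" in
    suid)   echo "$target is set-UID root: exploitable unless polkit is patched" ;;
    clean)  echo "$target has no SUID bit: chmod workaround is in place" ;;
    absent) echo "$target not found: pkexec is not installed here" ;;
esac
if [ "${1:-}" = "--fix" ]; then
    if pkexec_mitigate "$target"; then
        echo "verified: $target no longer has the SUID bit"
    else
        echo "mitigation failed or not permitted for $target (run as root?)" >&2
    fi
fi
```

Run it as a normal user for a read-only report, or as root with `--fix` to apply and verify the workaround; once the distribution's patched polkit package is installed the bit is expected to be set again, which is why the script reports the mode rather than declaring a host "patched".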