Home

Red Sky Alliance

Wapack Labs has operated Red Sky Alliance for over seven years. We are a trusted group of organizations, large and small, sharing information about targeted, advanced, and emerging cyber threats in a private secure portal. 
 
Red Sky Alliance offers TLP White and Green reporting that can satisfy most any situational awareness need, with reports, forums and people to ask questions of - Sign up Now for FREE Membership and Access to all Content.
 

Get Advice, Intelligence, & Help.

The Red Sky Alliance portal offers cyber security reporting and training materials that can help your company meet the cyber threat challenges of today.

Sign up Now for FREE Membership and Access to all Content.

X-Industry

IR-19-164-001 PHP Exploit Attacks from Conficker Botnet

Posted by Aureanna Hakenson on June 14, 2019 at 5:47pm
Beginning in April 2019, Wapack Labs SOC observed an uptick in alerts for inbound PHP exploit attempts affecting multiple clients. These alerts indicate attacks on vulnerable systems through the use of malicious PHP code in HTTP requests. If these attacks are successful, they can result in data exfiltration as well as remote control of victim servers.
Read more…
Comments: 0
Tags:

Allantibots

Posted by Christopher Hall on June 14, 2019 at 1:46pm

Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These are often obtained through phishing campaigns intended to trick users into entering their personal data. In June 2019, Wapack Labs identified one such campaign that is leveraging a large infrastructure and a phishing kit dubbed ‘Allantibots’. Allantibots is a sophisticated phishing package and is characterized by its ability to spoof the…

Read more…

Bogus Technology Support Representatives

Posted by Bill Schenkelberg on June 10, 2019 at 1:39pm

Our friends at the US Federal Bureau of Investigation, Office of Private Sector, has recently provided information to private sector partners regarding criminals posing as technology support representatives to obtain personal and financial information. 

The culprits gain the trust from victims by impersonating a representative from a…

Read more…

CHINA MODIFIES CYBERSECURITY LAW IN POSSIBLE RETALIATION FOR HUAWEI BAN

Posted by Bill Schenkelberg on June 1, 2019 at 9:05am

The Cyberspace Administration of China (CAC) issued a new draft cybersecurity regulation on 21 May 2019.  This draft is a planned extension of the Cybersecurity Law issued in 2017 that placed greater restrictions on foreign firms operating in China.  The new regulation creates the requirement for review of imported network equipment to…

Read more…

Cyber Intelligence Briefing

WAPACK LABS PRESENTS
Cyber Intelligence Briefing: RDP a Deep Dive
 

Remote Desktop Protocol (RDP) serves as an entry point for an attacker that desires to move laterally throughout an organization via an RDP hijacking session. This month's cyber intelligence on-line briefing is a deep dive into the different types of attacks against RDP.

Did you miss it? Its never too late. Click here to view the recording.

Wapack Labs in the News

On - Demand, Red Sky Alliance Threat Brief Broadcast.

Please join us every week for an, on demand, rebroadcast of our Weekly Red Sky Alliance Threat Brief, a succinct summary of current threat activities designed to inform your decision-making. Listen in on what our Wapack Labs analysts have been working on.

Register Here, Watch Now
See you online!

Cyber Security Blog

You need to be a member of Red Sky Alliance to add comments!

Join Red Sky Alliance

Comments

  • Austin Talbot June 14, 2019 at 6:04pm
    The maritime watch list and Vessel Impersonation reports for the week of 06 14 2019 are now posted in the Transportation Section.
  • Yury Polozov June 14, 2019 at 5:01pm
    Address Bar Spoofing in The Wild

    You often hear to pay attention to the address bar to check if the domain you see in your Internet browser is actually the one you intended. But hackers can sometimes spoof that too. In June 2019, Wapack Labs discovered a long-running campaign utilizing this address bar spoofing vulnerability that was fixed in Microsoft Edge, but still works in some mobile Safari version despite being reported years ago.

    This results in the phishing page being displayed while the valid URL is in the address bar. The following image shows this exploit in action. The only indicator that it’s a phishing page is the misspelling in the form (brith instead of birth). This vulnerability (CVE 2018-8383) was originally reported back in 2015 and still has not been patched by Safari.

    Download the whole report: https://redskyalliance.org/finished-analysis/allantibots
    Allantibots
    Apple IDs are a popular target for hackers because they can enable theft of financial data and other personally identifiable information (PII). These…
  • Bill Schenkelberg June 14, 2019 at 3:24pm
    Summer Travel and cyber security - Transportation
  • Bill Schenkelberg June 14, 2019 at 3:14pm
    06 14 2019 Oil and Gas brief in Oil and Gas Section
  • Jonathon Sweeney June 14, 2019 at 1:41pm
    Wapack Labs has been tracking sextortion cases for years. Thieves are posing as a CIA officer sending emails to victims claiming that the victim has been viewing child pornography and is going to be arrested unless they pay $10,000 worth of bitcoin to the attacker.

    Notes:
    1. If you do not view child pornography, you should know this is fake.
    2. The CIA is not going to reach out to pedophiles warning them that they are about to be arrested.
    3. If a CIA officer were to ever accept a bribe, it's extremely unlikely that they would ask for it via email.

    https://securityaffairs.co/wordpress/86899/cyber-crime/cia-extortio...
  • Matt Weidner June 13, 2019 at 5:23pm
    Millions of Exim mail servers are under attack today as attackers attempt to exploit CVE-2019-10149 to gain root access on affected servers. Exim mail transfer agent versions 4.87 - 4.91 are affected. Version 4.92 patches the vulnerability. https://www.bleepingcomputer.com/news/security/millions-of-exim-mai...
    Millions of Exim Mail Servers Are Currently Being Attacked
    Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are currently under siege, with attackers gaining permanent root…
  • Yury Polozov June 13, 2019 at 1:59pm
    Telegram messenger just had issues worldwide being DDoSed. The reason is likely China trying to silence the Hong Kong protests https://twitter.com/durov/status/1138942773430804480
    Pavel Durov on Twitter
    “@DefTechPat @telegram IP addresses coming mostly from China. Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincide…
  • Bill Schenkelberg June 9, 2019 at 3:05pm
    US Rail Crude Oil Traffic and Security Awareness - in Transportation Section
  • Bill Schenkelberg June 7, 2019 at 2:59pm
    Oil and Gas Brief 06 07 2019 in Oil and Gas Section
  • Bill Schenkelberg June 6, 2019 at 11:47am
    Phish & Ships June 2019 edition in Transportation Section.
This reply was deleted.