X-Industry

The US Commerce Department on 14 January 2025 announced a new rule that will ban certain Chinese and Russian connected car technology from being imported to the United States.  Software and hardware built into Vehicle Connectivity Systems (VCS), such as telematics control units and cellular, satellite and Wi-fi functions, which are manufactured in China and Russia will be banned, along with any connected cars containing them.

Separately Russian and Chinese Automated Driving System (ADS) software

Microsoft's Digital Crimes Unit is pursuing legal action to disrupt cybercriminals who create malicious tools that evade the security guardrails and guidelines of generative AI (GenAI) services to create harmful content.  According to a spokesman, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services.[1]

See:  https://redskyalliance.org/xindustry/microsoft-s-new-copilot-ai-agents

According to an unsealed complaint

French cybersecurity firms and law enforcement agents, together with partners from the United States, have successfully removed Chinese-built malware from thousands of infected PCs.  In a press release shared on the US Justice Department (DOJ) website, it was said a Chinese state-sponsored threat actor called Twill Typhoon (AKA Mustang Panda) built a custom version of the PlugX malware which can “infect, control, and steal information from victim computers.  Since at least 2014, Mustang Panda ha

What is the E-ZPass Smishing Scam?  Recently, scammers have been targeting consumers with a "smishing" scam where they send a text or email claiming to be from the E-ZPass tolling agency.   The message claims that a driver has an unpaid toll and they need to settle their bill using a link provided in the message before late fees are incurred.

InfraGard Rhode Island urges you to NEVER click on links from unknown senders, in both text messages and emails.

What should you do if you have received a

On 7 January 2025, the US government announced the launch of the US Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the US Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear a label including a new 'US Cyber Trust Mark.'"

As part of the effort, the logo will be accompanied

Spoofed email addresses in malspam campaigns continue to work for attackers who use them to bypass security mechanisms and trick victims into triggering the malware. Despite safeguards like DKIM, DMARC, and SPF designed to prevent attackers from spoofing well-known domains, attackers are getting around these by abusing neglected domains that lack DNS records, making them harder to detect.

Researchers have identified how these spam campaigns use disused domains to distribute phishing emails cont

In the 1970s and 1980s, Casio was best known for its electronic (including scientific) calculators, electronic musical instruments, and affordable digital watches incorporating innovative technology. All the cool kids had a Casio calculator (unfortunately, I was taught on a slide rule). Well, Casio is still around. Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. The affected individuals are primarily

The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) says it has identified two major cyber espionage campaigns undertaken by the US cyber spies that hacked Chinese technology companies with the aim to steal trade secrets.  In a statement, CNCERT/CC said that advanced materials design and research unit and a large-scale high-tech company focused on intelligent energy and digital information were "suspected of being attacked by a US intelligence

Businesses are more likely to face a costly cyber-crime attack than a robbery or fire this year as hackers continue to employ devious social-engineering skills to lure unsuspecting victims.  This reality has been highlighted in several reports by global cybersecurity experts who have analyzed cybercrimes, such as ransomware (where hackers encrypt and steal data), smishing (SMS link scams) and phishing (email link/attachment scams) in recent years and have warned that Artificial Intelligence (AI)

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has taken decisive action against Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its alleged involvement in malicious cyber activities targeting U.S. critical infrastructure. Announced on January 3, 2025, this move represents a significant escalation in the U.S. government's efforts to combat state-sponsored cyber threats.

Integrity Tech is accused of providing inf

The National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity warned Japanese organizations of a sophisticated Chinese state-backed cyber-espionage effort called "MirrorFace" to steal technology and national security secrets.  Japanese authorities said the advanced persistent threat group (APT) MirrorFace has been operating since 2019.

"By publicizing the modus operandi of 'MirrorFace' cyberattacks, the purpose of this alert is to make targeted organizat

The Green Bay Packers American football team notified fans that a threat actor hacked its official online retail store in October 2024 and injected a card skimmer script to steal customers' personal and payment information. The National Football League team says it immediately disabled all checkout and payment capabilities after discovering on 23 October 2024 that the packersproshop.com website was breached.

"On October 23, 2024, we were alerted to malicious code inserted on the Pro Shop website

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool to steal sensitive data from developer systems. "By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details," the Socket research team said in an analysis.
Hardhat is a development environment for

Google has informed companies that use its advertising products that it will soon allow them to use fingerprinting techniques. This will allow them to track users across multiple devices including Smart TVs and game consoles.

The announcement has huge raised privacy concerns, and the move has been called “irresponsible” by Stephen Almond, the executive director of regulatory risk at the UK Information Commissioner’s Office (ICO). It is also a reversal of Google’s previous position on fingerprint

Taiwanese government networks experienced a daily average of 2.4 million cyber-attacks in 2024, most attributed to Chinese state-backed hackers. This represents double the daily average from 2023, which saw 1.2 million daily attacks targeting government networks, Taiwan’s National Security Bureau said in a new report. “Although many of those attacks have been effectively detected and blocked, the growing numbers of attacks pinpoint the increasingly severe nature of China’s hacking activities,” t

The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released 05 January 2025. "Citizens are empowered with rights to demand data erasure, appoint digital nominees, and access user-friendly mechanisms to manage their data."

The rules,

From the boardroom to the cyber combat zone, the past 12 months will go down as a year that society came under attack from an unprecedented wave of digital threats.  The new battlefield.  Sophisticated ransomware, deepfake phishing scams and state-sponsored cyber-attacks highlighted just how pervasive the danger has become. At the same time, businesses and governments accelerated efforts to develop new defenses– actions which, while vital, sparked debates around privacy and the ethics of cyberse

The Philippines Department of Information and Communications Technology (DICT) earlier this week flagged the growing cyber-attacks against Philippine government websites, including those of the Executive branch and some lawmakers, ahead of the midterm elections.  “We are constantly under attack from different sectors, from hackers, from scammers,” DICT Secretary Ivan John E.  Uy told a news briefing at the presidential palace. “These are persistent threat actors.  We have detected a significant

An Android malware called FireScam tricks people into thinking they are downloading a Telegram Premium application that clandestinely monitors victims' notifications, text messages, and app activity while stealing sensitive information via Firebase services.

Cyfirma researchers spotted the new infostealer with spyware capabilities. They said the malware is distributed through a GitHub.io-hosted phishing website miming RuStore, a popular Russian Federation app store.

The phishing site delivers a

Ransomware gang, Brain Cipher, has begun leaking sensitive data stolen from Rhode Island’s RIBridges social services platform earlier in December 2024.  The integrated system, which managed healthcare, social services, and food assistance programs, served some 650,000 citizens including minors, before being taken offline. Exposed information was confirmed by Governor McKee to contain names, addresses, birthdates, social security numbers, and banking details.  Screenshots also suggest that the st