All Articles (2283)

“This is a National Security Threat,” says Kymberlee Price.  Ransomware is doing more to change the security landscape than the last 20 years of Secure Development Lifecycle, DevSecOps, Zero Days, Breaches, or any corporate memo.  Pair this with predatory pricing models from software vendors that sell security features as add-on products in premium or enterprise tier licenses, and you’ve got a perfect storm that hits small and medium sized businesses (SMBs) the hardest.

In this hard-hitting talk

Concerns about the security risks of mobile messaging, including the security of messaging between platforms like iPhone and Android, have significantly increased.  At the same time, Apple has launched its own RCS messaging system that will compete with WhatsApp and other messaging platforms.  US authorities are telling the public to adopt fully encrypted communication services to protect against growing cyber threats. The FBI and the Cybersecurity and Infrastructure Securi

Firmware is low-level software that creates the interaction between the hardware and the operating system. It contains important instructions for operating electronic devices such as routers, IoT sensors, smartphones, and even cars. However, these instructions are often invisible to the user, making firmware less secure. The report below will show the principal risks of firmware security and best practices for protecting against hackers.

Key security risks in firmware development - Ensuring the

This article was written by Joshua Goldfarb, Field CISO, F5, and published on DarkReading (www.darkreading.com). I am posting his article in its entirety (including some grammar edits) as it is an excellent observation of today's world. My first bachelor’s degree was a BA in English from DePauw University. In today’s world of high-tech, we often forget the fine arts. We studied art, poetry, and literary classics. I have found that learning more than accounting and software development skills has

The Ukrainian security service (SBU) has uncovered a new suspected espionage campaign by Russian intelligence services involving the recruitment of Ukrainian teenagers for criminal activities disguised as "quest games."  During an operation in the northeastern city of Kharkiv, local law enforcement arrested two groups of alleged Russian Federal Security Service (FSB) agents, all of whom were 15 and 16 years old.

The teenagers were allegedly tasked with carrying out espionage, directing missile

A federal appeals court has upheld a law that could see TikTok banned across the US unless its Chinese parent company, ByteDance, divests its ownership.  The decision was issued by a three-judge panel from the US Court of Appeals for the District of Columbia Circuit on 06 December 2024, marking a significant setback for the video-sharing platform as it battles to remain operational in the United States.  The court ruled that the law, signed by President Joe Biden in April 2024, does not violate

Darktrace reported on 04 December 2024 a surge in retail cyberattacks at the opening of the 2024 holiday shopping season. Analysis from Darktrace's threat intelligence team using data from across the Darktrace customer fleet shows that during Black Friday week (November 25-29), attempted Christmas-themed phishing attacks leaped 327%[1] around the world, while Black Friday-themed phishing attacks jumped 692% compared to the beginning of November (4-9)[2], as bad actors seek to take advantage of c

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. “We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated,”

Security researchers have flagged a critical vulnerability in Microsoft’s multi-factor authentication (MFA) system, called “AuthQuake,” that could allow attackers to bypass protections and gain unauthorized account access.  Their report[1] details how the flaw required no user interaction, did not generate alerts, and took less than an hour to execute.  While multi-factor authentication (MFA) is a solid security mechanism, such flaws make it a double-edged sword due to the nature of the user’s r

About a year ago, I rented an AirBnB house.  Once I signed up, I realized the point of contact was named “China.”  Well, my heart sank until I realized that China was her name.  Still unconvinced, I had someone actually “look” at the property and see if it was real.  It was, whew…..and “China” turned out to be a lovely person.  I guess parents name their children other names than Susie, Patty and Cathy…. Ok, ok - I’m showing my age.  But caution should still be employed for any AirBnB rental tr

Threat intelligence experts at ClearSky Cyber Security have reported the details of an Iranian social engineering campaign using fake LinkedIn identities to trick people into downloading malware with fake job offers. ClearSky has identified a campaign named “Iranian Dream Job,” in which the Iranian threat actor TA455 has targeted the aerospace industry by offering fake jobs.

See: https://redskyalliance.org/xindustry/iran-targeting-aerospace-through-fake-jobs

The campaign distributed the so-calle

International law enforcement has shut down 27 of the most popular platforms used to carry out distributed denial-of-service (DDoS) attacks, Europol announced in a statement on 11 December 2024.  The operation, called PowerOFF, was conducted across 15 countries, including the US, UK, Australia, Brazil, Canada, and Finland, and led to the identification of 300 users of these platforms and the arrest of three administrators in France and Germany.

Europol explained that the takedowns were timed ahead

The US Treasury Department has sanctioned a Chinese cybersecurity vendor for allegedly trying to spread malware to approximately 81,000 firewall devices from Sophos.  The sanctions target Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, “for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide,” the Treasury Department said in last Tuesday’s announcement.  “More than 23,000 of the compromised firewalls were in the United States,” the

Tinexta Cyber and SentinelLabs have tracked threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, researchers have assessed that it is highly likely a China-nexus threat actor conducted these attacks with cyberespionage motivations.
The relationships between European countries and China are complex and characterized by cooperation, competition, and underlying

The FTC announced on 03 December 2024 that it had banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools. The FTC says Mobilewalla and Gravy Analytics unlawfully collected and sold location data collected from consumers, including data linked to their visits to places of worship and health-related locations.

Virginia-based Gravy Analy

As soon as transactions of data and money started to become commonplace on the internet, criminals sensed a whole new vista opening up to them.  Since then, it has been a constant game of cat and mouse trying to stay one step ahead of the cybercriminals, too often with the hackers coming out on top.

According to the figures there were over 2,300 attacks recorded in 2023.  That might not sound too serious.  But the nature of an attack means that many people are affected by each one.  In this case

DMM Bitcoin is a cryptocurrency exchange based in Japan, operated by DMM Group, a large Japanese e-commerce and entertainment conglomerate. Launched in 2018, the platform allows users to trade various cryptocurrencies, including Bitcoin, Ethereum, and Ripple, through spot trading and leverage trading services. In June 2024, the Japanese cryptocurrency exchange announced that cybercriminals stole 4,502.9 Bitcoin (BTC), approximately $304 million (48.2 billion yen), from its wallets.

“At approxima

Stoli Group's U.S. companies (https://stoli-group.com) have filed for bankruptcy following an August 2024 ransomware attack and Russian authorities seizing the company's remaining distilleries in the country.  Chris Caldwell, the President and Global Chief Executive Officer of Stoli USA and Kentucky Owl, the two Stoli Group subsidiaries, said in a recent filing that this comes after the August attack severely disrupted its IT systems, including its enterprise resource planning (ERP) platform.

The cyb

While threat actors continue to rely on many “classic” tactics that have existed for decades, our threat predictions for the coming year largely focus on cybercriminals embracing bigger, bolder, and, from their perspectives, better attacks.  From Cybercrime-as-a-Service (CaaS) groups becoming more specialized to adversaries using sophisticated playbooks that combine both digital and physical threats, cybercriminals are upping the ante to execute more targeted and harmful attacks.

In its 2025 thr

Researchers have discovered what they believe is the first-ever malware capable of infecting the boot process of Linux systems. "Bootkitty" is proof-of-concept code that students in Korea developed for a cybersecurity training program they're involved in. Though unfinished, the bootkit is fully functional and even includes an exploit for one of several so-called LogoFAIL vulnerabilities in the Unified Extensible Firmware Interface (UEFI) ecosystem that Binarly Research uncovered in November 2023.