X-Industry

On 20 February 2025, the US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center published a joint Cybersecurity Advisory #StopRansomware: Ghost (Cring) Ransomware[1].  This advisory provides known Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) associated with Ghost ransomware actors identified through FBI investigations. 

Ghost actors conduct these widespread attack

Russian state-backed actors are increasingly targeting secure messaging applications like Signal to intercept sensitive communications, reveals a recent report by Google’s Threat Intelligence Group.  These groups, often aligned with Russian intelligence services, are focusing on compromising accounts used by individuals of interest, including military personnel, politicians, journalists, and activists. While the initial focus appears to be related to the conflict in Ukraine, researchers believe

The first sample of the Lynx ransomware was made available on a publicly available file-scanning site in early July 2024, which coincides with other reports of its first availability.

Fortinet researchers found that the Lynx and INC ransomware, which first appeared in July 2023, look very similar.

However, INC offers fewer options at the execution phase. Researchers believe that INC ransomware is a predecessor to the Lynx ransomware. While INC ransomware is available for the Windows and ESXi pl

When Italian anti-mafia police surprised the Sicilian mob on 11 February 2025 their main aim was to stop them regrouping and creating a new governing body or cupola. But what has emerged from their wide-ranging investigation is an organized crime group having to adapt to modern realities and displaying a nostalgia for the loftier ambitions of the past. They don't produce mobsters like they used to, Giancarlo Romano told an associate in a wiretapped conversation before he was shot dead a year ago

A large-scale brute-force password attack involving nearly 2.8 million IP addresses daily attempts to compromise millions of VPN devices from various companies including Palo Alto Networks, Ivanti, and SonicWall.  Brute force attacks involve threat actors attempting to guess username and password combinations until they find the correct one.  The campaign is highly automated, suggesting the potential involvement of malware or botnets.

Ongoing password attack campaign targets VPN devices - The Sh

A roster of officials from government, academia and industry gathered in Munich Germany at a Security and Cyber Security Conference to discuss how future workforces must marry the power of artificial intelligence with expertise only a human can provide.  “Looking at the next generation of national security professionals, I want policy people who can code and coders who can do policy,” said the former head of the National Security Agency (NSA) General Paul Nakasone at the Munich Cyber Security Co

Broadcom researchers recently reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups. “Tools that are usually associated with China-based espionage actors were recently deployed in an attack involving the RA World ransomware against an Asian software and services company,” reads the report published by Broadcom.

During the late 2024 attack, the attacker d

There have been many movie or TV shows that depict US Presidents.  A new Netflix series is soon to be released dealing with cyber-security.  Netflix has recently released the trailer for its new limited series “Zero Day,” which features an ensemble cast of Robert De Niro, Jesse Plemons, Lizzy Caplan, Connie Britton, Joan Allen, Matthew Modine and Angela Bassett.  The six-episode technical thriller hits the streamer on 20 February 2025.[1] 

According to an official logline, “Zero Day” follows “Ro

Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain, and the US Targets included the US Army, UN, NATO, and other agencies. Some of the breached organizations were the US Army, the United Nations, the International Civil Aviation Organization, the North Atlantic Treaty Organization, and multiple Spanish government agencies. “The suspect, who claimed responsibility for the intrusions into dark web forums, managed to access the comput

Cybercriminals are abusing a weakness in ASP.NET websites to remotely execute malicious code, according to Microsoft’s Threat Intelligence team, which has published an in-depth analysis of the new method.  In the article, Microsoft explained threat actors were injecting malicious code through a method called ViewState code injection attacks.

ViewState is a feature in ASP.NET websites that helps remember user input and page settings when the page is refreshed. It stores this information in a hidd

Old media newspaper companies have long been feeling the negative effects of the new cyber age.  Currently, a cyberattack is impacting on the availability of newspapers belonging to Lee Enterprises, one of the largest owners of local papers in the US.  The company told Recorded Future News it is “working through technology issues that caused some disruption” to the company’s day-to-day work.  “Our technology response team has been working with third-party specialists to fully restore our systems

Two weeks ago, Apple pushed a signature update to its on-device malware tool XProtect to block several variants of what it called the macOS Ferret family: FROSTYFERRET_UI, FRIENDLYFERRET_SECD, and MULTI_FROSTYFERRET_CMDCODES. This DPRK-attributed malware family was first described by researchers in December and further in early January and identified as part of the North Korean Contagious Interview campaign, in which threat actors lure targets to install malware through the job interview process

The United States is taking a firm stance against potential cybersecurity threats from artificial intelligence (AI) applications with direct ties to foreign adversaries. On 6 February 2025, US Representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) introduced the bipartisan No DeepSeek on Government Devices Act, which seeks to prohibit federal employees from using the AI-powered application DeepSeek on government-issued devices.

See: https://redskyalliance.org/xindustry/deepseek-or-deepfa

The New York Blood Center (NYBC) said it suffered a ransomware attack that disrupted operations and forced it to reschedule some operations.  NYBC is one of the largest independent blood collection and distribution organizations.  It collects about 4,000 units of blood products daily and serves more than 75 million people at over 200 hospitals across the Northeast and 500 nationwide.  The cyber incident occurred while the blood center was already facing a critical shortage due to a decline in th

Computers need electricity.  Without electricity, a country will effectively shut down.  In the near future Estonia, Latvia, and Lithuania will be officially severing their remaining electricity grid connections with Russia and Belarus, marking a significant step in their move away from Moscow’s influence nearly 35 years after leaving the Soviet Union.

This symbolic move, laden with geopolitical significance, accelerates a process that gained momentum following Russia’s invasion of Ukraine.  “Th

In a significant victory against cybercrime, US and Dutch law enforcement agencies have dismantled 39 domains and their associated servers to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. The coordinated effort was titled Operation Heart Blocker, which targeted a cybercriminal group known as Saim Raza, also operating under the name HeartSender.

According to the US Department of Justice (DOJ), the seized domains actively facilitate the sale of

A Russian hacking campaign has exploited a vulnerability in a popular file archiver to infect Ukrainian government and private organizations with SmokeLoader malware, researchers have found.

The bug, tracked as CVE-2025-0411, was discovered in 7-Zip, a free and open-source file archiver developed by Russian programmer Igor Pavlov.  It was identified by researchers at Tokyo-based cybersecurity firm Trend Micro in September and patched two months later, giving hackers ample time to exploit it in t

Shortly after taking office, Donald Trump touted a new private business venture, led by OpenAI, which plans to spend half a trillion dollars over the next four years building the data centers and power production plants that America’s growing AI industry relies on.  “It’s big money and high-quality people,” Trump said during a January 21^st press announcement alongside Sam Altman from OpenAI, Larry Ellison from Oracle, and Masayoshi Son from SoftBank.  The project is “a resounding declaration of

Volt.  Flax.  Salt.  Many typhoons have emerged in the last year and aren’t strictly related to the weather.  But, like their meteorological namesakes, they do cause catastrophic damage.  These typhoons are high-profile state-sponsored cyberattacks.  Recent incidents include exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet Service Providers (ISPs), to directly attack Singapore Telecommunications, representing part of ongoing cyberattacks against glo

Enterprise cybersecurity tools, such as routers, firewalls, and VPNs, exist to protect corporate networks from intruders and malicious hackers, something that is particularly important in today’s age of widespread remote and hybrid working. But while pitched as tools that help organizations stay safe from outside threats, many of these products have time and again been found to contain software bugs that allow malicious hackers to compromise the very networks these products were designed to prot