Link to full report: IR-22-182-001_weekly182.pdf
Summary Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more
If Artificial Intelligence applications (Ai) like Alexa really can convert voices, using less than a minute of recorded voice into real-time speech, it opens the door to dystopian gaslighting to a whole new level. This could be frightening, creepy, disturbing and maybe even criminal. The definition of gaslighting according to Merriam-Webster: psychological manipulation of a person usually over an extended period of time that causes the victim to question the validity of their own thoughts, pe
Our monthly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-180-001_IntelSummary180.pdf
The Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the US, Canada, the UK, Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window. "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more," Cybereason said in a repo
Cryptocurrency storage is one of the most important things that investors should consider when joining the burgeoning digital asset market. Most people investing in this space have little to no knowledge of the existing options. Crypto exchanges currently hold the larger share of investors’ capital despite the associated risks, including hacking and regulatory pressures from oversight authorities.
There are two types of crypto wallets; custodial and non-custodial. The former is offered by cen
It has been reported that cyber criminals are sending out millions of phishing emails a day, using extortion and other schemes to steal Bitcoin and other cryptocurrencies from victims. The phishing attacks use a variety of techniques to trick people into transferring sums of Bitcoin, including phony requests for charity donations and Business Email Compromise BEC scams.
See: https://redskyalliance.org/xindustry/what-the-heck-is-bec
According to a report by cybersecurity researchers at Proofpoi
Link to full report: IR-22-175-001_weekly175.pdf
Have you ever heard of the term "cyber soldier"? If yes, Uncle Sam wants you. There are military hackers who do fascinating work. From defending the nation's critical infrastructure to launching attacks on enemy targets, cyber soldiers get advanced training to conduct cyber warfare, even during peacetime. A cyber soldier's job is to conduct defensive and offensive operations within the military. Defensive operations refer to protecting their network from enemy cyber soldiers conducting off
Flagstar Bank, https://www.flagstar.com has recently disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. According to cyber threat investigators, the data breach occurred between 3 December 3 and 4 December 2021. The US financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, and Ohio. Flagstar Bank serves both consumer and commercial businesses, holding $2
Recently, researchers have identified a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices. Named by researchers as MaliBot, the malware poses as a cryptocurrency mining application, but may also pretend to be a Chrome browser or another app. On infected devices, the threat focuses on harvesting financial information and stealing banking, finance, cryptocurrency and Personally Identifiable Information PII.
The malware us
A Russian official threatened the West on 08 June 2022, asserting that a “direct military clash” could result if Western governments continue to mount cyberattacks against its infrastructure. “The militarization of the information space by the West and attempts to turn it into an arena of interstate confrontation, have greatly increased the threat of a direct military clash with unpredictable consequences,” the Russian foreign ministry’s head of international information security said in a stat
Ever since the beginning of the Internet Age, the potential to weaponize digital technologies as tools of international aggression has been known. This was exposed by Russia’s 2007 cyber-attack on Estonia, which was widely recognized as the first such act by one state against another. In 2016, NATO officially recognized cyberspace as a field of military operations alongside the more traditional domains of land, sea and air.
The current Russia-Ukraine War demonstrates the next major milestone i
Link to full report: IR-22-168-002_weekly168.pdf
Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
Data cloud company Snowflake (NYSE: SNOW) is the latest enterprise technology firm looking to help fuel the massive data lakes that power enterprise security programs. Snowflake recently launched a new Cybersecurity workload that helps cybersecurity teams to better protect their enterprises using its platform and an extensive ecosystem of partners delivering security capabilities with connected applications, cybersecurity teams can quickly gain visibility and automation at cloud scale.[1]
“With
Recently, a researcher has shown how a simple key card feature introduced by Tesla last year could be abused to add an unauthorized key that allows an attacker to open and start a vehicle. The research was conducted by an Austria-based member of the Trifinite research group, which focuses on Bluetooth security. Https://trifinite.ord
The Trifinite Group was founded in August 2004 and it is a loosely coupled group of computer experts that focuses on researching wireless communications and rel
Cyber threat researchers have identified some of the most prolific mobile banking Trojans that have targeted 639 financial applications that are available on the Google Play Store and have been cumulatively downloaded over 1.01 billion times. Some of the most targeted apps include Walmart-backed PhonePe, Binance, Cash App, Garanti BBVA Mobile, La Banque Postale, Ma Banque, Caf - Mon Compte, Postepay, and BBVA México. These apps alone account for more than 260 million downloads from the official
The US State Department said the Conti strain of ransomware was the most-costly in terms of payments made by victims as of January 2022. Conti, a Ransomware-as-a-Service RaaS program, is one of the most notorious ransomware groups and has been responsible for infecting hundreds of servers with malware to gain corporate data or digital damage systems, essentially spreading misery to individuals and hospitals, businesses, government agencies and more all over the world.
See: https://redskyallian
A joint publication coauthored by the National Security Agency (NSA), Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) was released on 7 June 2022 about the People’s Republic of China State-Sponsored activities.
State-Sponsored actors have been exploiting Common Vulnerabilities and Exposures (CVEs) that are related to network devices. The vulnerabilities that these actors are exploiting are documented, and should be patched immediately if they
