All Articles (1100)

Sort by

10829724884?profile=RESIZE_400xStealing, skimming and scams are nothing new in the credit card industry.  But a new report by Reason Labs shows new twists to a credit card scam. In 2022, the cybersecurity world is no stranger to phishing attacks, credit card scams, virus distribution, and identity theft.  They are ongoing on a daily basis and we have almost reached the point where we think we have seen it all. However, researchers have just uncovered potentially one of the largest fraudulent online credit card schemes active

10829660692?profile=RESIZE_400xRed Sky Alliance has been supporting cyber security prevention for years.  Prevention works and need to be employed to all cyber defenses.  Cyber-attacks know no boundaries.  They happen everywhere – even in Africa.  Companies are confronted with the increasingly difficult task of safeguarding their expanded digital estate against rising cyber threats. Previously, they'd implement security processes based on the physical network boundary, which was limited to their official premises.

Following t

10828250694?profile=RESIZE_400xUS tech firms that have received federal funding in the past will be prevented from creating advanced technology factories in China for at least a decade.  The Biden administration has announced new guidelines as part of a $53 Billion plan to build up the US national semiconductor industry.  The “brain” in every electronic device, from cars to household appliances, is predominantly manufactured in Asia, notably in Taiwan's sophisticated and immensely costly fabrication plants.

The US Chips and S

10828879475?profile=RESIZE_400xOperational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors.  These cyber actors, including advanced persistent threat (APT) groups, target OT/ICS assets to achieve political gains, economic advantages, or destructive effects. Because OT/ICS systems manage physical operational processes, cyber actors’ operations could result in physica

10828715890?profile=RESIZE_400xThe Uyghur community was targeted with an Android-based malware campaign for over seven years, according to researchers with cybersecurity firm Check Point.  The last sample they found dated to the middle of August 2022.  The Android spyware is called MobileOrder and has been used in various forms since 2015.  “The scale and the persistence of the campaign is remarkable. Furthermore, the malware has a lot of active capabilities like calls and surround recording, real time geolocation and even th

10828243262?profile=RESIZE_400xThe Svalbard Seed Vault in Norway safeguards duplicates of 1,165,041 seed varieties from almost every country, with room for millions more.  Its purpose is to back up gene bank collections to secure the foundation of our future food supply.   The Seed Vault is the ultimate insurance policy for the world’s food supply, securing millions of seeds representing every important crop variety available today and offering options for future generations to overcome the challenges of climate change and po

10827725278?profile=RESIZE_400xChromeLoader proves to be an extremely prevalent and persistent malware.  It initially drops as an .iso and can be used to leak users’ browser credentials, harvest recent online activity, and hijack browser searches to display ads.  The VMware Carbon Black Managed Detection and Response (MDR) team observed the first Windows variants of ChromeLoader in the wild in January 2022 and the macOS version in March 2022.   There are some variants known to ChromeLoader, including ChromeBack and Choziosi L

10827511480?profile=RESIZE_400xPortugal’s national airline TAP Air Portugal says hackers obtained the personal data of some of its customers and have published the information on the dark web.  No payment data was taken in the cyberattack, the flag carrier said in a statement late Wednesday.

The attack began almost a month ago and is being investigated by Portuguese authorities, with the help of specialists from Microsoft.  The hackers obtained the name, nationality, sex, date of birth and address, email and telephone contact

10826720674?profile=RESIZE_400xSeveral members of the US Congress called on the National Telecommunications and Information Administration (NTIA) on 21 September to do more to protect the privacy of domain registration information.  US Senator Ron Wyden (D-Ore.) and US Representative Anna G. Eshoo (D-Calif.) led a group of lawmakers in criticizing the NTIA for not protecting the “highly sensitive” personal information used to register for .US domains.  The records contain usernames, addresses, phone numbers and email addresse

10825337671?profile=RESIZE_400xActivity Summary - Week Ending on 23 September 2022:

  • Red Sky Alliance identified 24,982 connections from new IP’s checking in with our Sinkholes
  • Amazon Technologies Inc hit 138x
  • Analysts identified 1,144 new IP addresses participating in various Botnets
  • Shikitega Malware
  • Adobe InDesign
  • Ragnar
  • RedLine Stealer
  • Uber Hack
  • Bosnia and Herzegovina
  • Republika Srpska

Link to full report: IR-22-267-001_weekly267.pdf

10824332298?profile=RESIZE_400xOur Friends at Fortinet have provided its latest technical analysis of the Ragnar Locker ransomware.

Affected platforms:          Microsoft Windows
Impacted parties:            Microsoft Windows Users
Impact:                            Encrypts files on the compromised machine and demands ransom for file decryption
Severity level:                  High

Ragnar Locker is ransomware for Windows and Linux that exfiltrates information from a compromised machine, encrypts files using the Salsa20 encry

10818501281?profile=RESIZE_400xAccording to a recent report, cyber threat intelligence professionals believe they could not find private data leaked from their organizations on the dark web.  Most security professionals in US organizations are concerned about threats from the dark web, a large portion still do not take risks from the criminal underground seriously.  A recent survey shows that a third of people responsible for managing cyber vulnerabilities in their day-to-day work say they are not very concerned about threats

10817078071?profile=RESIZE_400xWhen Belarusian activist Yuliana Shemetovets was offered a job as the spokesperson of the Belarusian Cyber Partisans hacktivist group, she didn’t rush to accept it. “To be honest, I was scared,” she said.  She had reasons to be. Belarus is an authoritarian state in which elections are openly rigged and civil liberties are severely restricted. The country is ruled by dictator Alexander Lukashenko, who has resorted to repression and corruption to stay in power for more than 30 years.

Belarusian Cy

10816096095?profile=RESIZE_400xSo, I just got back from a trip to Georgia, the one in the US.  I used Uber three times.  Convenient, clean, hassle-free and the drivers were very nice.  An over-all great experience.  Until……Uber has reported this past weekend it is investigating a major cyber security breach that has forced it to take several critical systems offline following an alleged social engineering attack on an employee by an apparent teenage hacktivist.

The incident was exposed last week on 15 September, when an indiv

10815591865?profile=RESIZE_400xRansomware is currently one of the most significant cybersecurity issues facing all business and government sectors, as cyber criminals hack into businesses, schools, hospitals, critical infrastructure and more so as to encrypt files and demand a ransom payment for the decryption key.  Despite warnings, many victims pay these ransoms, under the impression that it is the quickest way to restore their network, particularly if the cyber criminals are also threatening to leak stolen data.  But all t

10813742095?profile=RESIZE_400xActivity Summary - Week Ending on 16 September 2022:

  • Red Sky Alliance identified 46,287 connections from new IP’s checking in with our Sinkholes
  • hetzner[.]de in Finland hit 28x
  • Analysts identified 3,147 new IP addresses participating in various Botnets
  • Nomad Crypto
  • EvilProxy
  • Albania
  • US – New York
  • Kiwi Farms
  • Russia
  • Industrial Espionage

Link to full report: IR-22-259-001_weekly259.pdf



Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc

10812294100?profile=RESIZE_400xThe continued use of threat intelligence to combat nation-state espionage is an important practice for cybersecurity teams.  However, outside of common types of fraud seen on the dark web or closed forums, the same threat intelligence often is not leveraged to combat enterprise fraud.  Prevention is the key to protecting your organization from cyber breaches.  An effective defense uses all of the tools available to keep a breach from occurring in the first place. 

According to Sun-Tzu, a 4th-cen

10812254669?profile=RESIZE_400xThe Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. This new dropper does not rely on Accessibility permissions to automatically install the dropper Sharkbot malware.  This new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.


The apps in question, Mister Phone