All Articles (1443)

Sort by

11211728690?profile=RESIZE_400xThe United States and international cybersecurity authorities are issuing this joint  Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon.  Private sector partners have identified that this activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these

11176376301?profile=RESIZE_400xAs the digital realm expands and thrives, so does the perverse world of cybercrime.  If current trends continue, the annual cost of cyber-attacks is projected to escalate to $10.5 trillion by 2025, a staggering 300% increase from 2015.

Faced with this ongoing cyber assault, organizations worldwide are expected to shell out $1.75 trillion on cybersecurity measures from 2021 to 2025, which represents 15% year-over-year growth.  Yet even this may not be enough to combat the problem.  A recent surve

11171683269?profile=RESIZE_400xCyber security researchers identified a new information-stealing malware that targets browsers and cryptocurrency wallets.  Although the malware, called Bandit Stealer, has only targeted Windows systems so far, it has the potential to expand to other platforms such as Linux.  What makes Bandit Stealer particularly dangerous is that it’s difficult for victims to detect, researchers at Trend Micro wrote in a report published last week.

For example, Bandit Stealer can bypass Windows Defender, a sec

11151738884?profile=RESIZE_400xResearchers have uncovered malware designed to disrupt electric power transmission that may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids.

Known as CosmicEnergy, the malware has capabilities that are comparable to those found in malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm, the name of one of Russia’s most skilled and cutthroat hacking groups.  Sand

11148590669?profile=RESIZE_400xWhile many associate Veterans Day and Memorial Day with service, the two are not the same.  Veterans Day is a celebration of those who serve and have served.  Memorial Day is a solemn day to reflect on veterans and military personnel who are deceased.[1]

The US Memorial Day was originally called Decoration Day and began during the US Civil War when citizens placed flowers on the graves of those who had been killed in battle.  The Civil War produced more than 620,000 military deaths, roughly 2 pe

11148586291?profile=RESIZE_400xA maritime VSAT (Very Small Aperture Terminal) is a two-way satellite internet terminal which receives and transmits real-time data via satellites.  It is vital for many vessels to maintain a high-speed, reliable connection while offshore.  In addition to the importance of connectivity for operations, it also serves a key crew welfare role.  However, VSAT also presents cyber threats to vessels, due to the value of the data they transmit and their role as attack vectors for other technology on bo

11148338501?profile=RESIZE_400xAround the time that the US Federal Bureau of Investigation (FBI) was examining the equipment recovered from the wreckage of the Chinese spy balloon shot down off the South Carolina coast in February, American intelligence agencies and Microsoft detected what they feared was a more worrisome intruder: mysterious computer code that has been popping up in telecommunications systems in Guam and elsewhere in the US.

The code, which Microsoft said was installed by a Chinese government hacking group,

11147291066?profile=RESIZE_400xFortiGuard Labs discovered an ongoing threat campaign targeting YouTube viewers searching for pirated software earlier this month.  Videos advertising downloads of “cracked” (aka pirated) software are uploaded by verified YouTube channels with a large number of subscribers.  Victims are led to execute malicious binaries that install multiple malware into their systems focused on harvesting credentials, cryptojacking, and stealing cryptocurrency funds from wallets.

While investigating this campai

11147225465?profile=RESIZE_400xOn 23 May 2023, US authorities in CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide.  Ransomware actors have accelerated their tactics and techniques since its initial release in 2020 and this guide will assist in helping cyber prevention. The update incorporates lessons learned from the past two years and includes additional recommend

11137467285?profile=RESIZE_400xMultiple vulnerabilities have been recently discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user.  Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.[1]



11143423080?profile=RESIZE_400xThe US President has chosen a US Air Force general to be the next head of US Cyber Command and the National Security Agency (NSA).  An Air Force official confirmed early in the 23rd, that the president nominated Air Force LT GEN Timothy Haugh, currently the deputy commander of Cyber Command at Fort Meade in Maryland.  This pick will be sent to the Senate, which must approve the nomination.

If confirmed, LT GEN Haugh will replace GEN Paul Nakasone, who has served as the head of the NSA and US Cyb

11129335263?profile=RESIZE_400xThe Bank of Canada is more concerned than it was a year ago about the risks posed by high household debt to the Canadian financial system as higher interest rates increase the cost of mortgages, according to its latest financial system review.  Higher borrowing costs mean more households are expected to face financial pressure in the coming years and a decline in housing prices has reduced homeowner equity, according to the annual report published on 18 May.  The bank said many Canadians have le

11137068861?profile=RESIZE_400xA new study found that countless smartphones seized in arrests and searches by police forces across the US are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found.  In response, the largest online marketplace for items seized in US law enforcement investigations now ensures that all phones sold through its platform will be data-wiped before the auction.

Researchers at the University of Maryland last


Partial encryption is a growing trend in the world of ransomware, but with it comes the potential for data recovery on affected files.  We’ll give an overview here on what the term “partial encryption” means.  It is perhaps more accurate to say, “intermittent encryption,” but even so, it will be important to understand this recent trend in how many ransomware infections operate.  From there, we’ll introduce White Phoenix, the freely available tool developed by CyberArk which can be used on part

11136585253?profile=RESIZE_400xThe Superior Court of New Jersey Appellate Division recently upheld a lower court’s finding that the war exclusion in a property insurance policy did not preclude coverage for Merck’s claim stemming from a 2017 cyberattack.  The decision is appropriately heralded as a huge win for policyholders and affirms New Jersey’s longstanding history of protecting policyholders’ reasonable expectations.[1]  

Insurance policies typically contain some form of a war exclusion, which generally bars coverage on

11136873077?profile=RESIZE_400xSeveral Polish media and news websites were hit by distributed denial-of-service (DDoS) attacks that the government said could be the action of Russian hacking groups, the digitalization minister was quoted as saying on 18 May.  Warsaw has positioned itself as one of Ukraine's staunchest allies since Russia invaded the country, and Poland says it frequently faces Russian attempts to destabilize the situation in the country.  Moscow has consistently denied that it carries out hacking operations.

11129281492?profile=RESIZE_400xCyber security researchers infiltrated the Qilin ransomware group, gaining an inside look at how the gang functions and how it rewards affiliates for attacks.  The ransomware-as-a-service group (RaaS), also known by the name “Agenda”, initially emerged in July 2022, attacking a slate of healthcare organizations, tech companies and more across the world.  They have victimized at least 12 organizations since July 2022 from Canada, the US, Colombia, France, Netherlands, Serbia, the United Kingdom a

11129762483?profile=RESIZE_400xA threat actor has control over millions of smartphones distributed worldwide thanks to a piece of malware that has been preinstalled on the devices, Trend Micro warned.   It has been known for several years that smartphones, particularly budget devices, may be shipped with shady firmware that can give companies or other entities access to user data.  One of the best known operations involved Triada, an advanced trojan installed on Android devices whose existence came to light in 2016. 

Since 20

11129787883?profile=RESIZE_400xRed Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

11128908088?profile=RESIZE_400xBianLian is a ransomware developer, deployer, and data extortion cybercriminal group who has targeted organizations in multiple US critical infrastructure sectors since June 2022.  They have also targeted Australian critical infrastructure sectors in addition to professional services and property development. The group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, use open-source tools and command-line scripting for discovery and credential harvesting, a