vpn - X-Industry - Red Sky Alliance2024-03-28T16:48:36Zhttps://redskyalliance.org/xindustry/feed/tag/vpnEssential SASE Must-haveshttps://redskyalliance.org/xindustry/essential-sase-must-haves2024-03-04T13:05:00.000Z2024-03-04T13:05:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12391833857,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12391833857,RESIZE_400x{{/staticFileLink}}" width="250" alt="12391833857?profile=RESIZE_400x" /></a>Over the past several years, organizations have been engaged in expanding their multi-edge networking strategies to not only enable new work-from-anywhere (WFA) realities but also support workers as they become increasingly dependent on cloud applications and environments to do their jobs. However, as these networks grow to meet new business demands, the attack surface increases.<a href="#_ftn1">[1]</a></p>
<p>The result is a growing gap between network functionality and security coverage. That gap not only exposes organizations to more points of compromise but also degrades the user experience of remote workers who still rely on conventional VPN-only access, because all of their application traffic must be backhauled through the corporate network to receive security inspection and access controls.</p>
<p>Secure access service edge (SASE) solutions have been developed to address these issues, enabling organizations to rapidly converge and scale out their security and networking strategies. With SASE, they can securely deliver an expanding and dynamic set of new network edges as well as meet the new demands of a hybrid workforce—distributed between on and off network users.</p>
<p>Supporting this new distributed and performance-heavy strategy is now fundamental to succeeding in today’s digital marketplace. Selecting the right SASE vendor to partner with can mean the difference between operational success and struggling to keep all the essential elements working together. In theory, SASE provides secure access to the cloud for users anywhere. However, not all SASE solutions are equal in terms of scalability, security, and orchestration. The best SASE solution should not increase overhead, both in terms of the technologies that need to be implemented and the IT staff needed to get them to work as an integrated system.</p>
<p>Link to the full Fortinet Report: <a href="{{#staticFileLink}}12391833292,original{{/staticFileLink}}">essential-sase-must-haves.pdf</a></p>
<p>This article is presented at no charge for educational and informational purposes only.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: https://www.redskyalliance.org/</li>
<li>Website: https://www.redskyalliance.com/</li>
<li>LinkedIn: https://www.linkedin.com/company/64265941</li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.fortinet.com/">https://www.fortinet.com/</a></p></div>US State Govt Network Breachedhttps://redskyalliance.org/xindustry/us-state-govt-network-breached2024-02-22T17:10:00.000Z2024-02-22T17:10:00.000ZBill Schenkelberghttps://redskyalliance.org/members/BillSchenkelberg<div><p><a href="{{#staticFileLink}}12385749895,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12385749895,RESIZE_400x{{/staticFileLink}}" width="250" alt="12385749895?profile=RESIZE_400x" /></a>The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point," the agency said in a joint advisory published 15 February 2024 alongside the Multi-State Information Sharing and Analysis Center (MS-ISAC). "The threat actor connected to the [virtual machine] through the victim's VPN with the intent to blend in with legitimate traffic to evade detection."</p>
<p>It is suspected that the threat actor obtained the credentials following a separate data breach because the credentials appeared on publicly available channels containing leaked account information. The admin account, which had access to a virtualized SharePoint server, also enabled the attackers to access another set of credentials stored in the server, which had administrative privileges to both the on-premises network and the Azure Active Directory (now called Microsoft Entra ID).<a href="#_ftn1">[1]</a></p>
<p>This further made it possible to explore the victim's on-premises environment and execute various lightweight directory access protocol (LDAP) queries against a domain controller. The attackers behind the malicious activity are presently unknown. A deeper investigation into the incident has revealed no evidence that the adversary moved laterally from the on-premises environment to the Azure cloud infrastructure.</p>
<p>The attackers ultimately accessed host and user information and posted the information on the dark web for likely financial gain, the bulletin noted, prompting the organization to reset passwords for all users, disable the administrator account as well as remove the elevated privileges for the second account. It was noted that neither of the two accounts had multi-factor authentication (MFA) enabled, underscoring the need for securing privileged accounts that grant access to critical systems. It is also recommended to implement the principle of least privilege and create separate administrator accounts to segment access to on-premises and cloud environments.</p>
<p>The development is an indication that threat actors leverage valid accounts, including those belonging to former employees that have not been properly removed from the Active Directory (AD), to gain unauthorized access to organizations. "Unnecessary accounts, software, and services in the network create additional vectors for a threat actor to compromise," the agencies reported. "By default, in Azure AD all users can register and manage all aspects of applications they create. These default settings can enable a threat actor to access sensitive information and move laterally in the network. In addition, users who create an Azure AD automatically become the Global Administrator for that tenant. This could allow a threat actor to escalate privileges to execute malicious actions."</p>
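<p>The advisory's findings translate directly into an account-hygiene check. The following is an added example, not code from the advisory or from Red Sky Alliance: it audits a constructed account inventory for the four weaknesses named above (an enabled account of a former employee, a privileged account without MFA, one identity that is an admin both on-premises and in Entra ID, and a privileged account nobody has used in weeks). The Account record, the privileged group and role names, the 45-day idle threshold and the sample accounts are all assumptions; in practice you would fill the records from Get-ADUser and an Entra ID role export.</p>

```python
"""Audit an account inventory for the weaknesses the CISA/MS-ISAC advisory
describes: an enabled account belonging to a former employee, privileged
accounts without MFA, one identity holding admin rights both on-premises and
in the cloud, and privileged accounts nobody has used in a while.

Added example; not from the advisory or from Red Sky Alliance. The Account
record, the privileged group/role names, the 45-day threshold and the sample
accounts are constructed assumptions."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

PRIVILEGED_AD_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
PRIVILEGED_CLOUD_ROLES = {"Global Administrator", "Privileged Role Administrator"}
STALE_AFTER_DAYS = 45  # assumed: privileged accounts idle longer than this are suspect


@dataclass
class Account:
    sam: str
    enabled: bool
    employed: bool          # False once HR marks the person as departed
    mfa: bool
    last_logon: Optional[date]
    ad_groups: set = field(default_factory=set)
    cloud_roles: set = field(default_factory=set)

    @property
    def on_prem_admin(self) -> bool:
        return bool(self.ad_groups & PRIVILEGED_AD_GROUPS)

    @property
    def cloud_admin(self) -> bool:
        return bool(self.cloud_roles & PRIVILEGED_CLOUD_ROLES)

    @property
    def privileged(self) -> bool:
        return self.on_prem_admin or self.cloud_admin


FORMER_EMPLOYEE = "enabled account belongs to a former employee"
NO_MFA = "privileged account without MFA"
SPANS_ENVIRONMENTS = "same identity is admin on-prem and in the cloud"
STALE = f"privileged account unused for more than {STALE_AFTER_DAYS} days"


def audit(accounts, today: date) -> list:
    """Return (sAMAccountName, finding) pairs; one pair per weakness found."""
    findings = []
    for a in accounts:
        if a.enabled and not a.employed:
            findings.append((a.sam, FORMER_EMPLOYEE))
        if a.enabled and a.privileged and not a.mfa:
            findings.append((a.sam, NO_MFA))
        if a.on_prem_admin and a.cloud_admin:
            findings.append((a.sam, SPANS_ENVIRONMENTS))
        idle = a.last_logon is None or (today - a.last_logon).days > STALE_AFTER_DAYS
        if a.enabled and a.privileged and idle:
            findings.append((a.sam, STALE))
    return findings


TODAY = date(2024, 2, 15)  # the advisory's publication date, used as "now"
SAMPLE_ACCOUNTS = [
    # constructed: the advisory's pattern, a departed admin still enabled and without MFA
    Account("jdoe-adm", enabled=True, employed=False, mfa=False,
            last_logon=TODAY - timedelta(days=200), ad_groups={"Domain Admins"}),
    # constructed: a second account with rights in both environments and no MFA
    Account("svc-sharepoint", enabled=True, employed=True, mfa=False,
            last_logon=TODAY - timedelta(days=1),
            ad_groups={"Domain Admins"}, cloud_roles={"Global Administrator"}),
    # constructed: an ordinary user with MFA, which should produce no finding
    Account("asmith", enabled=True, employed=True, mfa=True,
            last_logon=TODAY - timedelta(days=2), ad_groups={"Domain Users"}),
]

if __name__ == "__main__":
    for sam, finding in audit(SAMPLE_ACCOUNTS, TODAY):
        print(f"{sam}: {finding}")
```

<p>Run against a real export, the list of findings is the work queue the advisory implies: disable or delete departed users' accounts, enforce MFA on everything privileged, and split any identity that administers both the domain and the tenant into two accounts.</p>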
<p><a href="#_ftnref1">[1]</a> <a href="https://thehackernews.com/2024/02/us-state-government-network-breached.html">https://thehackernews.com/2024/02/us-state-government-network-breached.html</a></p></div>Let it Bleed – Bleed You: IKEhttps://redskyalliance.org/xindustry/let-it-bleed-bleed-you-ike2022-12-07T14:00:39.000Z2022-12-07T14:00:39.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}10905077878,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10905077878,RESIZE_400x{{/staticFileLink}}" width="220" alt="10905077878?profile=RESIZE_400x" /></a>Back in 1969, the rock group – The Rolling Stones – recorded an album titled “Let it Bleed.” The album sold over 2.4 million copies, and in 1997, it was voted the 27th "Best Album Ever." The current "Bleed You" malicious cyber campaign is far from being popular and is trying to take advantage of a known remote code execution (RCE) vulnerability in Windows Internet Key Exchange (IKE) Protocol Extensions. More than 1,000 systems are unpatched and vulnerable to compromise.<br /> <br />If an attacker gains control of a target computer through some vulnerability and they also gain the power to execute commands on that remote computer, this process is called Remote Code Execution (RCE)</p>
<p>• It is a class of attack in which the attacker runs commands of their choosing on someone else's computer from a remote location.<br />• It can result from malicious software the victim downloads or, as in the case discussed here, from a flaw in a network-facing service that mishandles attacker-supplied input; the attacker's geographic location is irrelevant.</p>
<p>Internet Key Exchange (IKE) is a standard protocol to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN). The protocol ensures security for VPN negotiation, remote host, and network access.</p>
<p>A critical role of IKE is negotiating security associations (SAs) for IP Security (IPsec). An SA is the agreed security policy for traffic between two or more entities: it records the algorithms and the keys both peers settled on, and the peers use it when they bring up the VPN tunnel.</p>
<p>There are two versions of IKE standards:</p>
<p>• IKE protocol defined in RFC 2409<br />• IKE version 2 (IKEv2) defined in RFC 7296</p>
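<p>Both IKE versions share a 28-byte ISAKMP header, and reading it is enough to sort UDP/500 and UDP/4500 traffic by version and exchange type when triaging a capture from a Windows VPN gateway. The parser below is an added example, not code from the article: the field layout follows RFC 2408 and RFC 7296, the sample datagrams are constructed with zero-filled placeholder payloads, and the NAT-T handling assumes the four-byte non-ESP marker that IKE uses on UDP/4500. It classifies traffic; it does not detect exploitation of CVE-2022-34721.</p>

```python
"""Parse the 28-byte ISAKMP/IKE header that IKEv1 (RFC 2409, header from
RFC 2408) and IKEv2 (RFC 7296) share, so UDP/500 and UDP/4500 datagrams can be
sorted by version and exchange type when triaging a capture.

Added example, not code from the article. The datagrams below are constructed
(payloads are zero-filled placeholders). This classifies traffic; it does not
detect exploitation of CVE-2022-34721."""
import struct
from collections import Counter
from typing import NamedTuple

HEADER_LEN = 28
# initiator SPI, responder SPI, next payload, version, exchange type, flags,
# message ID, total length (multi-byte fields are big-endian)
HEADER_FMT = "!8s8sBBBBII"
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # prefix on UDP/4500 (NAT-T) IKE packets

IKEV1_EXCHANGES = {1: "Base", 2: "Identity Protection (Main Mode)",
                   3: "Authentication Only", 4: "Aggressive",
                   5: "Informational", 32: "Quick Mode"}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
                   36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
IKEV2_FLAG_INITIATOR, IKEV2_FLAG_RESPONSE = 0x08, 0x20


class IkeHeader(NamedTuple):
    initiator_spi: bytes
    responder_spi: bytes
    next_payload: int
    major: int
    minor: int
    exchange_type: int
    flags: int
    message_id: int
    length: int

    @property
    def version(self) -> str:
        return {1: "IKEv1", 2: "IKEv2"}.get(self.major, f"IKE major {self.major}")

    @property
    def exchange(self) -> str:
        table = IKEV1_EXCHANGES if self.major == 1 else IKEV2_EXCHANGES
        return table.get(self.exchange_type, f"exchange type {self.exchange_type}")


def parse_ike_header(datagram: bytes, nat_t: bool = False) -> IkeHeader:
    """Parse one UDP payload. For UDP/4500 pass nat_t=True to strip the
    4-byte non-ESP marker (all zeros, which distinguishes IKE from ESP)."""
    if nat_t:
        if not datagram.startswith(NON_ESP_MARKER):
            raise ValueError("UDP/4500 payload is not IKE (no non-ESP marker)")
        datagram = datagram[len(NON_ESP_MARKER):]
    if len(datagram) < HEADER_LEN:
        raise ValueError(f"short datagram: {len(datagram)} bytes")
    ispi, rspi, nxt, ver, ex, flags, mid, length = struct.unpack(
        HEADER_FMT, datagram[:HEADER_LEN])
    if length != len(datagram):
        # A length field that disagrees with the datagram is the first thing a
        # fuzzed or malformed packet gets wrong; refuse rather than guess.
        raise ValueError(f"length field {length} != datagram length {len(datagram)}")
    return IkeHeader(ispi, rspi, nxt, ver >> 4, ver & 0x0F, ex, flags, mid, length)


def build_ike_datagram(ispi: bytes, rspi: bytes, next_payload: int, major: int,
                       exchange: int, flags: int, message_id: int, body: bytes) -> bytes:
    """Build a datagram with a consistent header (used here for the samples)."""
    hdr = struct.pack(HEADER_FMT, ispi, rspi, next_payload, major << 4,
                      exchange, flags, message_id, HEADER_LEN + len(body))
    return hdr + body


def summarize(datagrams, nat_t: bool = False) -> Counter:
    """Count datagrams by (version, exchange); malformed ones are tallied
    under ('malformed', reason)."""
    tally = Counter()
    for d in datagrams:
        try:
            h = parse_ike_header(d, nat_t)
            tally[(h.version, h.exchange)] += 1
        except ValueError as e:
            tally[("malformed", str(e))] += 1
    return tally


# Constructed samples: an IKEv2 IKE_SA_INIT request (next payload 33 = SA),
# an IKEv1 Aggressive Mode request (next payload 1 = SA), and a truncated one.
SAMPLE_V2 = build_ike_datagram(b"\x11" * 8, bytes(8), 33, 2, 34,
                               IKEV2_FLAG_INITIATOR, 0, bytes(8))
SAMPLE_V1 = build_ike_datagram(b"\x22" * 8, bytes(8), 1, 1, 4, 0, 0, bytes(8))
SAMPLE_TRUNCATED = SAMPLE_V2[:20]

if __name__ == "__main__":
    for d in (SAMPLE_V2, SAMPLE_V1):
        h = parse_ike_header(d)
        print(h.version, h.exchange, "flags=0x%02x" % h.flags)
    print(summarize([SAMPLE_V2, SAMPLE_V1, SAMPLE_TRUNCATED]))
```

<p>Fed the UDP payloads from a capture of a gateway's port 500 and 4500, the summary shows which exchange types are arriving and from how many malformed datagrams, which is a reasonable first cut before looking for anything more specific.</p>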
<p>The critical flaw, tracked as CVE-2022-34721, has been under active attack since September, a new report warns. It affects unpatched Windows client and server releases through the IKE protocol extensions. Once they gain a foothold, the threat actors move laterally to deploy ransomware and other malware, the investigators observed.</p>
<p>The threat actors speak Mandarin but also have ties to Russian cybercriminals, according to researchers, who add that the attacks are not limited to a specific sector: targets span retail, government, IT services, and more. Victims likewise were spread across several mostly Western countries, including Canada, the UK, and the US.<br /> <br />Attackers are exploiting this bug in vulnerable Windows Server machines through the IKE and AuthIP IPsec Keying Modules service. The researchers advised applying the patches as soon as possible to limit exposure, and observed that unknown actors are also sharing the exploit link on underground forums.</p>
</div>Visiting The Dark Webhttps://redskyalliance.org/xindustry/visiting-the-dark-web2022-11-09T02:56:28.000Z2022-11-09T02:56:28.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}10879113465,RESIZE_584x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10879113465,RESIZE_400x{{/staticFileLink}}" width="250" alt="10879113465?profile=RESIZE_400x" /></a>The internet opened the door to a realm of possibilities that permanently changed the business and social landscape and our personal lives. Most users are no longer restricted to dial-up; many of us now consider access to a <a href="https://www.zdnet.com/home-and-office/networking/how-to-fix-your-slow-internet-11-ways-to-speed-up-your-connection/">stable internet connection</a> as a critical aspect of our daily lives. We pay our bills online, check our bank statements, communicate via email, and maintain a presence on social media. Many users rely on the web for work and entertainment, and seeking out information through search engines is customary. </p>
<p>It is not common knowledge that today's most popular search engines, including Google, Bing, Baidu, and <a href="https://www.zdnet.com/article/duckduckgo-brings-is-privacy-focused-browser-to-macs/">DuckDuckGo</a> only index a portion of the internet. The area of the internet we access day to day is known as the clear or surface web. There is also the deep and dark web, and here are some things that you need to know about the differences.</p>
<p>You could consider the clear or surface web the "top" and visible layer of the internet, easily accessible using a browser such as Safari, Chrome, Edge, or Firefox. The terms deep web and dark web are sometimes used interchangeably, but they refer to different things. The deep web is the second layer of the internet, which is not indexed by search engines. Websites and pages in the deep web might include password-protected content, private forums, and personalized resources. Because search engine crawlers do not catalog these pages, you need to know the exact link to access a website in this area of the internet. This could include government services that give you access to your records, health care portals, members-only areas, intranets, or corporate resources. </p>
<p>The dark web requires special software to access. You will need a <a href="https://www.zdnet.com/article/best-vpn/">Virtual Private Network (VPN)</a> and a <a href="https://www.zdnet.com/article/best-browser-for-privacy/">privacy-centric browser</a> such as the Tor Browser, which connects through the Tor network's volunteer-run relays; the relays are layered so that no single one sees both where the traffic comes from and where it is going. The Tor Browser can resolve the special domain names, with the suffix .onion, used on the dark web. The aim is to reduce your online footprint as much as possible, anonymize your traffic, and disguise your location. </p>
<p>When the dark web is mentioned online, it is usually in tandem with criminal marketplaces and arrests made by law enforcement agencies. Drugs, weapons, and stolen IP and data are all hot businesses on the dark web, with hundreds of terabytes of information on offer. Traders cash in on stolen credit card data dumps, initial access points to vulnerable systems, credentials, and intellectual property belonging to companies compromised during cyberattacks.</p>
<p>According to cyber threat researchers, 48% of organizations have no documented dark web threat intelligence policy, despite the obvious danger. The dark web may have more uses for organizations and individuals than what a small subset of criminals do under its umbrella. There are many legitimate uses for dark web services and communication. For example, this can include tools hosted for combating censorship and critical services for individuals in countries with stringent government surveillance and control, as well as privacy-enhancing anonymous email and whistleblower drop boxes. Some media outlets also maintain an online presence via the dark web when their surface websites are blocked, and other websites do the same when they are banned at the ISP level by countries during unrest and protests. Remaining anonymous can be invaluable to protesters, civil rights groups, journalists, lawyers, and other vulnerable groups.</p>
<p>Unless you know exactly where to go to access a legal and legitimate website, you need to be aware of some of the risks you might be taking. These include:</p>
<ul>
<li><strong>Illegal marketplaces</strong>: If you stumble upon an underground marketplace, you will find all items and services for sale, including drugs, weaponry, counterfeit documents, stolen information, and malware. However, just because you are on the dark web and may be using cryptocurrency for purchases does not mean you will not be tracked down.</li>
<li><strong>Scams</strong>: As the Wild West of the web, even if you take the chance and try to buy something illegal, you could be scammed. Sellers are often not what they seem. </li>
<li><strong>Visits to extreme content</strong>: It is not that likely unless you intend to find it, but if you stumble upon extreme or abusive content, you might find yourself subject to an investigation by law enforcement. It should also be noted that downloading such content is often illegal.</li>
<li><strong>Malware</strong>: In the same way as the clear web, websites and resources found here may hide malicious software designed to compromise your PC or mobile device. Malware can include information stealers, Trojans, <a href="https://www.zdnet.com/article/ransomware-an-executive-guide-to-one-of-the-biggest-menaces-on-the-web/">ransomware</a>, or exploit kits. You may also be subject to <a href="https://www.zdnet.com/article/what-is-phishing-how-to-protect-yourself-from-scam-emails-and-more/">phishing</a> attempts. </li>
</ul>
<p>Red Sky Alliance does not recommend that anyone other than trained cyber threat professionals visit or research the dark web. If you need/want to access dark web resources, these are the steps you need to take.</p>
<p><strong>1.0</strong> Use a VPN that will mask your location and stop the online breadcrumbs that can lead back to you. Traffic between your device and the VPN provider's server is encrypted, which protects it from eavesdropping and Man-in-the-Middle (MITM) attacks on the local network, although the provider itself can still see where the traffic goes. You can usually select the location you want to appear to originate from, and VPNs use a collection of servers and relays to make tracing your IP address difficult. </p>
<p>VPNs are also used for accessing geo-locked content hosted by streaming services. The best options are paid-for and subscription-based, as <a href="https://www.zdnet.com/article/best-free-vpn/">many free options</a> will either throttle your speed or collect your data. </p>
<p><strong>2.0</strong> You will need to visit the <a href="https://www.torproject.org/">Tor Project</a> to download the Tor Browser, a browser that prevents online fingerprinting, circumvents website blocks, and stops trackers from building profiles based on browsing habits. </p>
<p>The <a href="https://www.torproject.org/download/">Tor Browser</a> uses different layers of encryption to further strengthen your anonymity. It has integrated the <a href="https://www.zdnet.com/article/how-to-boost-your-browsers-privacy-with-duckduckgo-privacy-essentials/">DuckDuckGo search engine</a>, a system that does not save or log your search queries. You should check the settings, and if you want a more secure experience, go for the "safer" or "safest" options, which also disable potentially dangerous website functionality, such as rogue JavaScript.</p>
<p>The Tor network is operated by thousands of volunteers worldwide who run the relays that carry your traffic and protect your identity. You can download the Tor Browser for Windows, macOS, Linux, and Android. </p>
<p>A VPN and Tor should be used together, and connecting via a VPN to Tor, rather than vice versa, is advisable for the best protection possible. In addition, if you're concerned about malware or exploits, you could also consider using a <a href="https://www.zdnet.com/article/how-to-create-the-perfect-windows-11-virtual-machine/">virtual machine</a> (VM). </p>
<p><strong>3.0</strong> To access a dark web resource, you must know its web address. These websites will also use .onion top-level domain names, many of which will be long, random combinations of letters and numbers. </p>
<p>Several directories host .onion links and websites, but you should always demonstrate caution. Some will lead you to commercial sites ranging from cryptocurrency mixers to drugs and fake passport offerings; others are non-commercial and include legal content, such as education and training workshops, forums, and personal blogs. DefCon, ProPublica, the CIA, various libraries, and open-source software providers also feature in this area of the internet. </p>
<p>Remember that accessing dark web resources is <strong>legal</strong> in most countries, but conducting criminal activities via the dark web is <strong>illegal</strong>. </p>
<p>If you visit websites on the dark web that are not adequately protected, you may make yourself the subject of scrutiny or investigation even if there is no evidence of illegal activities or purchases. A VPN can help disguise your use of Tor and your visits to dark web resources. Consider outfitting a “clean” computer for dark web activities that does not hold your primary email address or other accounts, and be prepared to completely “wipe” this computer immediately if unusual activity begins to appear. Being hidden does not translate into being completely protected from the possibility of tracking or, when it comes to illegal activities, from risk.</p>
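<p>Because .onion addresses are long random strings, a link copied from a directory is easy to truncate or mistype. The check below is an added example, not part of the original article: it validates a v3 onion-service address against the format Tor specifies in rend-spec-v3 (base32 of a 32-byte ed25519 public key, a two-byte SHA3-256 checksum and a version byte of 3). The public key used is a constructed placeholder, not a real service, and the check only proves the address is well-formed; it says nothing about who runs the service.</p>

```python
"""Check that a .onion link is a well-formed v3 onion-service address before
following it, which catches truncated or mistyped links from directories.
Added example, not from the article. Format per Tor's rend-spec-v3:
address = base32(PUBKEY || CHECKSUM || VERSION) + ".onion", 56 characters,
CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2], VERSION = 3.
The public key used below is a constructed placeholder, not a real service."""
import base64
import hashlib
import re

VERSION = b"\x03"
ADDRESS_RE = re.compile(r"^[a-z2-7]{56}\.onion$")  # base32 alphabet, fixed length


def _checksum(pubkey: bytes) -> bytes:
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]


def build_onion_address(pubkey: bytes) -> str:
    """Derive the address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION           # 35 bytes = 56 base32 chars
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def validate_onion_address(addr: str) -> bool:
    """True only if the address has the right shape, carries version 3 and its
    two-byte checksum matches the embedded key."""
    addr = addr.strip().lower()
    if not ADDRESS_RE.match(addr):
        return False
    raw = base64.b32decode(addr[:56].upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    return version == VERSION and checksum == _checksum(pubkey)


SAMPLE_PUBKEY = bytes(range(32))                  # constructed placeholder key
SAMPLE_ADDRESS = build_onion_address(SAMPLE_PUBKEY)

if __name__ == "__main__":
    print(SAMPLE_ADDRESS, validate_onion_address(SAMPLE_ADDRESS))
    # last character encodes the low bits of the version byte; damaging it fails
    print(validate_onion_address(SAMPLE_ADDRESS[:55] + "a.onion"))
```

<p>One side effect of the layout is that every valid v3 address ends in the letter d (the last base32 character carries the low five bits of the version byte), which makes a copied link that ends in anything else immediately suspect.</p>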
<p>Red Sky Alliance offers Dark Web investigation services that can be found at: </p>
<p><a href="https://www.wapacklabs.com/redpane%C2%A0%C2%A0">https://www.wapacklabs.com/redpane </a></p>
<p><a href="https://www.zdnet.com/article/your-complete-guide-to-the-dark-web-and-how-to-safely-access-onion-websites/?ftag=TRE-03-10aaa6b&bhid=%7B%24external_id%7D&mid=%7B%24MESSAGE_ID%7D&cid=%7B%24contact_id%7D">https://www.zdnet.com/article/your-complete-guide-to-the-dark-web-and-how-to-safely-access-onion-websites/?ftag=TRE-03-10aaa6b&bhid=%7B%24external_id%7D&mid=%7B%24MESSAGE_ID%7D&cid=%7B%24contact_id%7D</a></p></div>Spyware Can Ruin Your Dayhttps://redskyalliance.org/xindustry/spyware-can-ruin-your-day2022-02-16T17:23:08.000Z2022-02-16T17:23:08.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}10111959299,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}10111959299,RESIZE_400x{{/staticFileLink}}" width="250" alt="10111959299?profile=RESIZE_400x" /></a>In recent years, our digital selves are now an established part of our identity. The emails we send, the conversations we have over social media both private and public as well as the photos we share, the videos we watch, the apps we download, and the websites we visit all contribute to our digital personas. There are ways to prevent a government agency, country, or cybercriminal from peeking into our digital lives. Virtual private networks (VPNs), end-to-end encryption, and using browsers that do not track user activity are all common methods. Governments, government agencies, and law enforcement agencies are now taking advantage of sophisticated spyware developed by companies like NSO. When implanted on a device, it can be extremely difficult to detect or remove.</p>
<p>The following briefing will run through different forms of malicious software on your iOS or Android handset, what the warning signs of infection are, and how to remove such pestilence from your mobile devices if it is possible to do so. To put an end to any electronic spying activity, consider buying some stationery, envelopes, a roll of postage stamps, and a couple of ink pens. You will still be able to communicate, but response time may become a factor.<a href="#_ftn1">[1]</a></p>
<p>Nuisanceware often comes in software bundles together with legitimate, free programs. Also known as Potentially Unwanted Programs (PUPs), this sort of software may interrupt your web browsing with pop-ups, change your homepage settings by force, and gather your browsing data in order to sell it to advertising agencies and networks. Sometimes nuisanceware packages are bundled with legitimate apps at no additional charge.</p>
<p>Although it is a form of malvertising, nuisanceware is generally not dangerous or a threat to your core security, although it may collect some of your personal data. Antivirus solutions and app scans will normally pick up PUPs and wipe them from your handset without too much fuss.</p>
<p>Spyware and Stalkerware are types of software often unethical and sometimes dangerous that can result in the theft of data including images, video, call logs, contact lists, and more. These types of software are sometimes found on desktop systems, but they are now most commonly implanted in mobile handsets across all operating systems.</p>
<p>Operators, whether fully-fledged cybercriminals, government agents, or your family or friends may be able to use the software to monitor emails, SMS, and MMS sent and received, to intercept live calls for the purpose of eavesdropping across standard telephone lines or Voice over IP (VoIP) applications, to covertly record environmental noise or take photos; to track GPS locations, and to compromise commonly-used social media apps including Facebook and WhatsApp.</p>
<p>Stalkerware is considered the next step up from generic spyware. The difference between them is that Spyware is usually more generic in purpose; stealing OS and clipboard data, anything of potential value, such as cryptocurrency wallet data or account credentials. Stalkerware is downloaded to spy on someone as an individual, usually in cases of domestic abuse. Spyware and Stalkerware are found less commonly in the enterprise, although some software solutions are marketed for companies to keep track of employee mobile devices and their activities.</p>
<p>The legal lines here can be crossed, but if a mobile device belongs to a company and is used by a staff member in the full knowledge that it is tracked or monitored, then this may be considered accepted as part of a workspace. In these cases, employees should keep their private lives, social media, and emails on their own smartphone or tablet and off company property.</p>
<p>Spyware and Stalkerware Apps in use:</p>
<ul>
<li>SpyPhone Android Rec Pro: This spyware claims to offer "full control" over a smartphone's functions, including listening in on the background noise of calls and recording them in their entirety; intercepting and sending copies of SMS and MMS messages sent from the victim's phone; sending activity reports to the user's email address; and more.</li>
<li>FlexiSpy: One of the most well-known forms of stalkerware, FlexiSpy markets itself using the slogan: "Know Everything that Happens on a Computer or Smartphone, No Matter Where You Are." FlexiSpy is able to monitor both Android smartphones and PCs and is willing to deliver a device with the malware pre-installed to users. The spyware is able to listen in on calls, spy on apps including Facebook, Viber, and WhatsApp, turn on the infected device's microphone covertly, record Android VoIP calls; exfiltrate content such as photos, and intercept both SMS messages and emails. At the time of writing, marketing seems to be geared -- at least, publicly to parents and business owners.</li>
<li>PhoneSpector: Designed for both Android and iOS handsets, PhoneSpector claims to offer a means to "get texts, call history, GPS location, and more without having the phone in your possession."</li>
</ul>
<p>Mobile Tracker, FoneMonitor, Spyera, SpyBubble, Android Spy, and Mobistealth are a few more examples of spyware and stalkerware which offer similar features.</p>
<p>Highly advanced spyware, known as Pegasus, is offered by NSO Group, an Israel-based company that markets itself as a provider of solutions to "help government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe." In July 2021, reports claimed that Pegasus was being used to target government officials (including those in Poland), civil rights activists, lawyers, and journalists worldwide. NSO Group has denied these accusations, but this has not stopped the US Department of Commerce from sanctioning the company along with Candiru, Positive Technologies, and Computer Security Initiative Consultancy (COSEINC) for selling spyware used to attack individuals and businesses.</p>
<p>Apple has also launched a lawsuit against the company, seeking a permanent injunction to prevent NSO from using Apple software, services, or devices in the future. In other words, the court case is intended to stop NSO from being able to develop or sell iOS-based spyware.</p>
<p>If you receive odd or unusual social media messages or emails, this may be a warning sign. You should delete them without clicking on any links or downloading any files. The same goes for SMS content, which may contain links to lure you into unwittingly downloading spyware.</p>
<p>To catch victims unaware, cyber threat actors send messages, known as phishing attempts, that try to lure you into clicking a link or executing software that carries a spyware or stalkerware payload. For this tactic to work the victim has to respond, so the messages often contain content designed to induce panic, such as a demand for payment or a failed-delivery notice, and may use spoofed addresses of a contact you trust. In the case of stalkerware, the initial messages may be more personal and tailored to the victim. Otherwise, physical access to the device or accidental installation by the victim is required, and some variants of spyware and stalkerware can be installed in less than a minute.</p>
<p>If your mobile phone is missing and reappears with different settings or changes that you do not recognize or it has been confiscated for a period of time, this may be an indicator of tampering.</p>
<p>Surveillance software is becoming more sophisticated and can be difficult to detect. Not all Spyware and Stalkerware apps are invisible and it is possible to find out if you are being monitored.</p>
<p>Am I already being monitored? Android: this is easy to check on an Android device, because there is a setting that allows apps to be downloaded and installed from outside the official Google Play Store. If it is enabled and you did not enable it yourself, this may indicate tampering. Not every form of spyware and stalkerware requires a break-in attempt, though.</p>
<p>This setting is found in modern Android builds in Settings > Security > Allow unknown sources. (This varies depending on device and vendor.) You can also check Apps > Menu > Special Access > Install unknown apps to see if anything appears that you do not recognize, but there is no guarantee that Spyware will show up on the list.</p>
<p>Some forms of spyware will use generic names and icons to avoid detection. If a process or app comes up on the list you are not familiar with, a quick search online may help you ascertain whether it is legitimate.</p>
<p>iOS: iOS devices that are not jailbroken are generally harder to infect with malware unless a zero-day exploit is used. The presence of an app called Cydia, a package manager that enables users to install software packages on a jailbroken device, may indicate tampering (unless you knowingly downloaded the software yourself).</p>
<p>You may experience unexpected handset battery drain and overheating, as well as unexpected or strange behavior from the device operating system or apps. In the latter case, however, many Spyware operators will be hard to detect, as the software is developed to be as silent as possible. MVT (Mobile Verification Toolkit), an open-source project developed by Amnesty International, is a cyber forensics package able to scan for advanced spyware on mobile devices. However, it is best suited to investigators.</p>
<p>By design, Spyware and Stalkerware are hard to detect and can be equally hard to remove. It is not impossible in most cases, but it may take some complicated steps on the user’s part. When it comes to highly advanced spyware suites the only option may be to abandon your device. Remember to buy the stationery and postage stamps.</p>
<p>When Stalkerware is removed, some operators will receive an alert warning them that the victim's device has been cleaned up. Even without such an alert, a sudden halt in the flow of information is a clear indicator to the operator that the malicious software has been eradicated.</p>
<p>Some removal options:</p>
<ol>
<li>Run a malware scan: There are many mobile antivirus solutions available that may be able to detect and remove basic forms of spyware. This is the easiest solution available, but it may not prove effective in every case. Cybersecurity vendors including Malwarebytes, Avast, and Kaspersky all offer spyware-scanning tools. You can try downloading them and performing a scan to wipe out infections.</li>
<li>Change all of your passwords: If you suspect account compromise, change every password on every important account you have. Many of us have one or two central accounts, such as an email address, which will act as a hub for other accounts and password recovery. Begin there. It might also be a good idea to remove access to any "hub" services you use from a device you think has been compromised.</li>
<li>Enable two-factor authentication (2FA): When account activity and logins require further consent from a mobile device, this can also help protect individual accounts. However, spyware may intercept the codes sent during 2FA protocols.</li>
<li>Consider creating a new email address: Known only to you, the new email becomes tethered to your main accounts.</li>
<li>Update your OS: It may seem obvious, but when an operating system releases a new version, which often comes with security patches and upgrades, this can, if you are lucky, cause conflicts and problems for spyware. As with antivirus solutions, keep the OS updated.</li>
<li>Protect your device physically: A PIN code, pattern, or enabling biometrics can protect your mobile device from future tampering. However, it will not help if a device has already been compromised.</li>
<li>If all else fails, factory reset... or junk it: Performing a factory reset and clean install on the device you believe is compromised may help eradicate some forms of Spyware and Stalkerware. Ensure you remember to back up important content first. On Android platforms, this is usually found under Settings > General Management > Reset > Factory Data Reset. On iOS, go to Settings > General > Reset.</li>
</ol>
<p>Some Stalkerware services may survive factory resets. Consider restoring the device to factory settings first, and then consider disposing of it.</p>
<p>Advanced versions of Spyware, such as government-grade spyware, can be more difficult to detect. A guide on Pegasus published by the cybersecurity firm Kaspersky includes some actions you can take to mitigate the risk of being subject to such surveillance, based on current research and findings.</p>
<ul>
<li>Reboots: Reboot your device daily to prevent persistence from taking hold. The majority of infections have appeared to be based on zero-day exploits with little persistence, so rebooting can hamper attackers.</li>
<li>"We analyzed one case in which a mobile device was targeted through a zero-click exploit (likely FORCED ENTRY)," Kaspersky says. "The device owner rebooted their device regularly and did so in the next 24 hours following the attack. The attackers tried to target them a few more times but eventually gave up after getting kicked a few times through reboots."</li>
<li>Disable iMessage and Facetime (iOS): The researchers say that as features enabled by default, iMessage and Facetime are attractive avenues for exploitation. A number of new Safari and iMessage exploits have been developed in recent years.</li>
<li>Consider using a browser other than Safari or the default Chrome. Kaspersky says that some exploits do not work "as well" on alternatives such as Firefox Focus.</li>
<li>Use a trusted, paid VPN service, and install an app that warns when your device has been jailbroken. Some AV apps will perform this check.</li>
</ul>
<p>The researchers also recommend that you make iTunes and sysdiags backups (iOS) if you suspect an infection, as they will help researchers diagnose a device properly.</p>
<p>It is also recommended that individuals who suspect a Pegasus infection make use of a secondary device, preferably running GrapheneOS, for secure communication.</p>
<p>"Use a prepaid card in it, or, only connect by Wi-Fi and TOR while in airplane mode," the researchers say. "Avoid messengers where you need to provide your contacts with your phone number."</p>
<p>Both Google and Apple are generally quick to notice if spyware or other forms of malicious apps manage to circumvent the privacy and security barriers imposed for applications hosted in their respective official app stores. In July 2019, Google removed seven apps from the same Russian developer from the Play Store. While marketed as employee and child trackers, the tech giant took a dim view of their overreaching functions including GPS device tracking, access to SMS messages, the theft of contact lists, and potentially the exposure of communication taking place in messaging applications.</p>
<p>When it comes to Apple, the iPad and iPhone maker began a crackdown on parental control apps several years ago, citing privacy-invading functions as the reason for some iOS apps to be removed from the App Store. In some cases, Apple requested developers to remove functions, whereas, in others, the apps were simply removed. The company offers its own parental device control service called Screen Time for parents who want to limit their child's device usage.</p>
<p>Surveillance without consent is unethical. In domestic situations, it causes a severe imbalance in power. If your sixth sense says something is wrong, investigate. An easy-to-replace mobile phone is not worth sacrificing your privacy and personal security.</p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization that has long collected and analyzed cyber indicators. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a> </li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></p>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.zdnet.com/article/how-to-find-and-remove-spyware-from-your-phone/">https://www.zdnet.com/article/how-to-find-and-remove-spyware-from-your-phone/</a></p></div>Back to Basics - Cyber Security for 2021https://redskyalliance.org/xindustry/security-for-20212020-12-28T20:44:12.000Z2020-12-28T20:44:12.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}8354614496,original{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}8354614496,RESIZE_400x{{/staticFileLink}}" width="250" alt="8354614496?profile=RESIZE_400x" /></a>Regarding cybersecurity, misconfigurations can create exploitable issues that can cause vulnerabilities later. The following are some common-sense security misconfigurations that can easily be avoided.<a href="#_ftn1">[1]</a></p>
<p>One common example is development permissions that do not get changed when something goes live. AWS S3 buckets, for instance, are often assigned permissive access while development is going on. The issues arise when security reviews are not carefully performed prior to pushing the code live, whether that push is for the initial launch of a platform or for an update. The result is straightforward: a bucket goes live with the ability for anyone to read from and write to it. This misconfiguration is dangerous. Since the application is working and the site is loading for users, there is no visible indication that something is wrong until a threat actor hunting for open buckets stumbles upon it.</p>
<p>Careful security reviews of all applications and sites before they get pushed to the live environment both for initial launch and for update cycles are critical in catching this type of misconfiguration. Each bucket should be checked to ensure that it has the least viable permissions set on it to allow the platform to work, and nothing more.</p>
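The pre-launch bucket check described above can be automated against the bucket's policy document. The following is an added example, not code from the article or from AWS; it parses a bucket policy and flags any object-level grant to all principals, using two constructed policies for a hypothetical bucket named example-app-assets.

```python
"""Audit an S3 bucket policy for the 'anyone can read and write' misconfiguration.

Added example for this article, not code from the source or from AWS. The two
policies below are constructed samples for a hypothetical bucket named
example-app-assets, not real infrastructure.
"""
import fnmatch
import json

# Object-level actions an anonymous caller should never hold on a live bucket.
SENSITIVE_ACTIONS = ("s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket")


def _as_list(value):
    """IAM policy fields such as Action and Statement may be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal):
    """True when the Principal element grants access to everyone (anonymous)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_findings(policy_json):
    """Return [(sid, action), ...] for every sensitive S3 action the policy grants
    to all principals. Statements using Condition, NotAction or NotPrincipal are
    reported with the marker 'REVIEW' instead, because their effective scope
    cannot be judged mechanically and needs a human reviewer."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no-sid>")
        if "NotPrincipal" in stmt or "NotAction" in stmt:
            findings.append((sid, "REVIEW"))
            continue
        if not _is_public_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            findings.append((sid, "REVIEW"))
            continue
        for pattern in _as_list(stmt.get("Action")):
            for action in SENSITIVE_ACTIONS:
                # IAM action names are case-insensitive and may be wildcarded (s3:*, s3:Put*).
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    findings.append((sid, action))
    return findings


def is_safe_to_go_live(policy_json):
    """The gate the article calls for: no public grant survives the pre-launch review."""
    return public_findings(policy_json) == []


# Constructed sample: the permissive policy a developer left on the bucket.
DEV_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DevOpenAccess",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-app-assets/*",
    }],
})

# Constructed sample: the least-privilege replacement, access only from the app's role.
PROD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app-role"},
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-app-assets/*",
    }],
})

if __name__ == "__main__":
    for name, policy in (("dev", DEV_POLICY), ("prod", PROD_POLICY)):
        print(name, "OK" if is_safe_to_go_live(policy) else public_findings(policy))
```

Bucket ACLs and the account-level Block Public Access settings are separate controls and still need their own check; this only covers the policy document.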
<p>For non-cloud issues, one of the most common misconfigurations is not enforcing Group Policy, anti-malware, and other centralized management rules and updates. Laptops that rarely connect directly to a company network may go for months without getting these critical changes, leaving them undefended as the security landscape changes. One common example is a laptop that has been roaming for an extended period. Such a laptop may not be permitted to receive Active Directory Group Policy updates when it is not on a VPN or other secured connection, which leads to its GPOs becoming out of date over time. This means that prohibited actions or operations may be possible on such a laptop, leaving the protected network exposed when that device finally does connect in such a way that it once more has access to protected resources.</p>
<p>The fix for this is to ensure that devices with access to organizational resources must accept organizational management changes. Tools like AzureAD and de-centralized anti-malware platforms can allow remote devices to receive updates securely. HTTPS connectivity is generally enough for these tools to push updates and enforce policy changes. Using distributed device management ensures that they are kept in-line with policy, even devices that are only used to access cloud-available resources, like Office365, and do not directly connect to the organization's protected networks regularly.</p>
<p>Many such tools, especially anti-malware systems do not even require that the device be managed by Mobile Device Management platforms. This means that even if the device is not otherwise "owned" by the organization, it can still be kept up to date and protected.</p>
<p>Remote workers present more security issues to address, and there is another misconfiguration that occurs with regularity. VPN systems allow remote workers to access company data safely, but many VPN clients default to an insecure configuration out-of-the-box. Split-tunnel VPN configurations route user traffic over the secure network only when protected systems are being accessed, but send all other traffic directly to the Internet. This means that when a user attempts to reach a file server, they do so over the VPN, but a call to Salesforce goes over the unprotected Internet. While this benefits performance, the problem it creates is that a user's device may become a bridge between the outside world and the internal network. With a bit of social engineering, a threat actor can create a persistent connection to the user's device and then leverage that user's VPN tunnel to break into the protected network.</p>
<p>The vast majority of VPN clients support single-tunnel configurations. This means that while the VPN is active, all traffic will route through organizational networks, including traffic destined for external sources. It also means that all traffic will be subject to the same controls as traffic originating from users directly connected to the protected networks.</p>
<p>While misconfigurations can happen very easily, they pose a clear threat to the organization's security. Taking the time to review security when tools are pushed to live or updated can catch such misconfigurations. In addition, companies can deploy continuous security validation tools that continuously challenge and assess digital environments in much the same way as a threat actor does to discover misconfigurations rapidly. Combining these two approaches of reviews and continuous security validation adds some complexity to projects but is worth every moment spent on ensuring that things are configured adequately at every step of the way. </p>
<p>Red Sky Alliance has been analyzing and documenting cyber threats and vulnerabilities for over 9 years and maintains a resource library of malware and cyber actor reports. Specifically, our analysts are currently collecting and analyzing the supply chains inside the transportation sector. For many years we have believed the supply chain is the Achilles Heel to the over-all cyber network. </p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or <a href="mailto:feedback@wapacklabs.com">feedback@wapacklabs.com</a> </p>
<p>Weekly Cyber Intelligence Briefings:<br /> <a href="https://attendee.gotowebinar.com/register/8782169210544615949">https://attendee.gotowebinar.com/register/8782169210544615949</a></p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p><a href="#_ftnref1">[1]</a> <a href="https://thehackernews.com/2020/12/common-security-misconfigurations-and.html">https://thehackernews.com/2020/12/common-security-misconfigurations-and.html</a></p></div>Phishing & How NOT to Get Caughthttps://redskyalliance.org/xindustry/phishing-how-not-to-get-caught2020-07-08T15:58:46.000Z2020-07-08T15:58:46.000ZJim McKeehttps://redskyalliance.org/members/JimMcKee<div><p><a href="{{#staticFileLink}}6643007679,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}6643007679,RESIZE_400x{{/staticFileLink}}" alt="6643007679?profile=RESIZE_400x" width="250" /></a>I have written about Phishing before and I will continue to warn friends and colleagues about phishing and its tactics. Phishing is the start of almost all serious cyber breaches. In early 2020, cloud security expert Wandera revealed in its Mobile Threat Landscape Report that a new phishing campaign is launched every 20 seconds. Twenty seconds equates to three additional phishing sites designed to target users every minute. However, this number no longer applies during COVID-19 times. Phishing has seen a rapid increase starting from when the pandemic went global during the first quarter of 2020. According to security firm Barracuda Networks, there was a 667% spike in email phishing attacks in March 2020 due to the coronavirus pandemic. This new data reveals how cybercriminals are taking advantage of people’s concerns due to the pandemic.</p>
<p>This increase in phishing scams is not unique to corona-related attacks alone. There has also been an increase in invoice/payment scams and credential theft as the whole world switches to work-from-home arrangements. The best way to guard against phishing scams is early detection. Being able to determine a phishing email from a legitimate email helps a lot in preventing the nasty consequences of phishing campaigns, including data theft, malware infection, money theft, and others. Protecting your privacy by using a VPN also minimizes your chance of being targeted by phishing attacks.</p>
<p>To foil your enemy, you must understand the enemy. Cybersecurity investigators have documented the latest and most widely used phishing tactics of 2020, and we are only halfway through the year.</p>
<p>Here are their findings:</p>
<p>Corona-related phishing attacks: As mentioned above, the most popular phishing strategy right now piggybacks on the public’s fear of the coronavirus. In March 2020 alone, Barracuda detected 9,116 COVID-19-related attacks, which represents 2% of the total 467,825 spear-phishing email attacks detected for that month alone. There are three main types of attacks that use the coronavirus as the hook: scamming, brand impersonation, and business email compromise. Some of the scams you need to watch out for include fake corona cures, face masks, donation requests for companies that claim to be developing vaccines, and fake charities. Some scams claim to be from the World Health Organization (WHO), asking for donations through Bitcoin.</p>
<p>Aside from scams, attackers also deploy malware through phishing emails. Some of the well-known malware related to COVID-19 are Emotet, a popular banking Trojan, the Ursnif banking Trojan, the Fareit information stealer, the COVID-19 ransomware, Azorult, NetWalker, Nanocore RAT, and the Hancitor trojan.</p>
<p>Invoice/Payment phishing scams: With so many people forced to work at home because of the pandemic, most business transactions are conducted online, including financial processes such as payroll and invoicing. As a result, attackers who specialize in invoice phishing scams have substantially more victims to target. This type of phishing involves sending a payment reminder to a vendor, brand, or even an individual, letting the receiver know that an important invoice is attached. Clicking the invoice could either redirect the user to a phishing website where he or she is directed to pay the invoice, or download malware/ransomware to the victim’s computer. This scam is also used in reverse: a hacker will inform you that they are trying to issue a payment to you.</p>
<p><a href="{{#staticFileLink}}6643023884,RESIZE_1200x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}6643023884,RESIZE_400x{{/staticFileLink}}" alt="6643023884?profile=RESIZE_400x" width="250" /></a>Update payment alerts: Aside from invoice phishing, update payment alerts are also common. No one wants to suffer from a service outage, especially during this pandemic situation. This is what makes update payment scams so effective. Imagine getting an email about your Internet company terminating your connection if you are not updated with your payments or receiving an email from Netflix temporarily restricting your account until your balance has been paid off. In the time of the COVID-19 pandemic, nothing could be scarier than having no Internet or Netflix.</p>
<p>Hackers are feeding on people’s dependence on these services to gain money. They usually send an email stating that there is a problem with your credit card or an issue with your payment, asking you to log in and update your payment details. Some attackers go as far as hacking the company and identifying the employee responsible for managing accounts like these.</p>
<p>Security Alerts: This type of phishing scam never goes out of style. In fact, it is a daily occurrence. Getting security alerts from banks, email providers, and cloud services companies can be troubling, especially since the emails are becoming more sophisticated in their imitation of legitimate companies. These phishing emails, and the web pages they lead to, look very much like ones users have seen before. Common security alerts include expiring password warnings, suspicious activity detected, suspicious logins, and others. When the user clicks the link, the victim compromises their privacy instead of protecting it.</p>
<p>How to Protect Against Phishing Scams: Your first defense against scams like these is to be aware that they exist. By being aware, you will be more vigilant when you open your emails. Here are some ways to determine the authenticity of the emails you receive:</p>
<ul>
<li>Check the sender’s email. Compare the email address with the previous emails you received from that business or company. If the domain extension is different, then the email is likely a scam.</li>
<li>Use a reliable VPN to help you stay anonymous online. This will minimize the personal information that hackers can collect from you that can be used for phishing. Check out VPN review sites, such as VPN Watch, where you can find a top security solution for your needs.</li>
<li>Never click on links or attachments without verifying the authenticity of the email. If you have other contact details of the sender, confirm with him or her about the email you received. It is worth the extra few steps.</li>
<li>Check on the grammar and sentence structure of the email. Professional emails from businesses and companies undergo proofreading to make sure that the text looks and sounds professional. If it sounds like it was churned out by a translating machine, then be very suspicious.</li>
<li>Do not log into your account by clicking on the link. Open a separate browser and visit your account from there to verify if there have been any changes.</li>
</ul>
<p>Training and instruction from cyber professionals are always cheaper than absorbing the costs of remediation, paying ransoms, or having confidential data exposed or auctioned to the highest bidder. And what do you do if you get a phishing email? Delete them.</p>
<p>What can you do to better protect your organization today?</p>
<ul>
<li>Proper data back-up and off-site storage policies should be adopted and followed.</li>
<li>Institute cyber threat and phishing training for all employees, with testing and updating.</li>
<li>Phishing is normally the first step in a broader attack campaign.</li>
<li>Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.</li>
<li>Enroll your company/organization in RedXray for daily cyber threat notifications that are directed at your domains. The RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories, including Keyloggers, without having to connect to your network.</li>
<li>RedXray® NOW includes Ransomware Protection up to $25,000 for Standard and $100,000 for Enterprise Level Businesses*.</li>
<li>Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.</li>
</ul>
<p>Our analysts strongly recommend ongoing monitoring from both internal and external network perspectives for your company and your shipping supply chain. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. </p>
<p><strong>Red Sky Alliance</strong> strongly recommends ongoing monitoring from both internal and external perspectives. Internal monitoring is common practice. However, external threats are often overlooked and can represent an early warning of impending attacks. Red Sky Alliance can provide internal monitoring in tandem with RedXray notifications on external threats, including botnet activity, public data breaches, phishing, fraud, and general targeting. Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at <strong>1-844-492-7225, or feedback@wapacklabs.com</strong></p>
<p>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a><br /> Website: <a href="https://www.wapacklabs.com/">https://www.wapacklabs.com/</a><br /> LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a><br /> Twitter: <a href="https://twitter.com/redskyalliance">https://twitter.com/redskyalliance</a></p></div>Iranian Protests: Communication Bans & Targeting of Protestorshttps://redskyalliance.org/xindustry/iranian-protests-communication-bans-targeting-of-protestors2018-01-08T22:01:06.000Z2018-01-08T22:01:06.000ZBrenton Davishttps://redskyalliance.org/members/BrentonDavis<div><p align="center" style="text-align: right;"><span style="color: #339966;"><b>TLP GREEN</b></span></p>
<p align="center"><b>TACTICAL CYBER INTELLIGENCE REPORT</b></p>
<p align="right">Actor Type: N/A</p>
<p align="right">Serial: TR-18-005-001</p>
<p align="right">Countries: US, SB, IR, SY</p>
<p align="right">Report Date: 20180105</p>
<p style="text-align: center;"><b>Iranian Protests: Communication Bans & Targeting of Protestors</b></p>
<p>Wapack Labs has been monitoring the developing Iran protests. By Day 9, Wapack analysts observed an uptick in Internet and communication restrictions, including social media platforms, phone applications, encrypted/secure messaging, Virtual Private Network (VPN) services, and other platforms.</p>
<p>Formerly accepted by the Iranian government, the Instant Messaging Service ‘Telegram’, which had tremendous activity on Day 2 of the protests, is now disabled. At the moment, Google is preventing Iranians from using the Google Search Engine and from using ‘Signal’, an end-to-end encrypted messenger that circumvents government filtering. To date, ProtonMail’s free VPN service for Android phones is the only means of providing anonymity for Iranian citizens.</p>
<p>As the Iranian government continues to disrupt communications, it is implementing scare tactics to persuade protestors to stop the movement. Irancell, a mobile network service provider, is tracking down its users who have posted videos and pictures online and sending them text notifications warning them that they have been participating in illegal protests. Additionally, the Twitter account of the Tasnim News Agency (@Tasnimnews_Fa) is posting pictures of protestors, asking followers to identify them and report them to Iranian security forces.</p>
<p>The current climate in Iran may give way to another wave of Iranian cyber hacktivists targeting the anti-regime demonstrators. Wapack Labs continues to monitor the situation.</p>
</div>