X-Industry

The holiday shopping season is almost upon us, and with all the great sales and promotions come the usual cyber scams. While generally quick and convenient, shopping online can leave you vulnerable to scammers if you are not cautious. Based on a consumer survey, a new report from Norton looks at how scams are a common concern among shoppers and how to protect yourself while holiday shopping online.

Check out the 2024 Cyber Safety Insights Report.

Norton incorporated the results of a survey condu

The Black Basta group is a Ransomware-as-a-Service (RaaS) provider that has been in operation since at least April of 2022.  The group is believed to be comprised of former members of the ransomware groups Conti and REvil.  The reason for this belief is driven by several factors, such as the similarities in their tactics and their rapid integration into the cybercriminal ecosystem.

Black Basta is credited as having victimized over 500 organizations.  In the first quarter of 2024, the group had c

Red Sky Alliance monthly queries our backend databases, identifying all new data containing supply chain keywords in the subject line of malicious emails.  Malicious actors use emails with various supply chain related keywords as a lure to entice users in the maritime industry to open emails containing malicious attachments.  The identified emails attempted to deliver malware or phishing links to compromise the entire Transportation Supply Chain.  Specific names or key words in the transporta

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Due to economic turbulence and a relentless surge in cyber threats, today's cybersecurity landscape requires enterprises to remain resilient by adapting to security risks.  Many organizations have chosen to adapt to these risks by embracing modern technology such as generative artificial intelligence (GenAI), which can present new risks if not implemented properly.  The speed at which companies innovate and adopt new technology is far outpacing the security measures that must be addressed first.

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages designed to harvest users' credentials.  Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content.  Malicious links direct the browser to automatically refresh or reload a web page immediately without requiring user interact

The underground market for large illicit language models is lucrative, said academic researchers who called for better safeguards against artificial intelligence misuse.  Academics at the Indiana University Bloomington[1] identified 212 malicious LLMs on underground marketplaces from April through September 2024.  The financial benefit for the threat actor behind one of them, WormGPT, is calculated at US$28,000 over two months, underscoring the allure for harmful agents to break artificial intel

In August 2024, FortiGuard Labs observed a python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices.  Emansrepo compresses data from the victim’s browsers and files in specific paths into a zip file and sends it to the attacker’s email.  According to our research, this campaign has been ongoing since November 2023.  The attacker sent a phishing mail containing an HTML file, which was redirected to the download link for Emansrepo.  PyInsta

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

A new malware called "Voldemort" has been making waves in recent weeks, sending over 20,000 emails worldwide as it spreads through phishing attacks.  Discovered by IT security researchers at Proofpoint on 5 August, this malware has proven to be very deceptive.  "Voldemort" employs a sophisticated tactic to evade detection: it disguises its network traffic as legitimate by using Google Sheets as an interface.  This method allows the malware’s data transmissions to appear harmless, slipping past s

FortiGuard Labs recently caught a phishing campaign with a malicious Excel document attached to the phishing email.  Analysts performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger.  Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities.  It is a .NET-based software originally sold on a hacker forum.  Once executed on a victim’s computer, it can steal sensitive data, including saved

Microsoft was anxious to put generative AI at the heart of its systems.  Ask a question about an upcoming meeting, and the company’s Copilot AI system can pull answers from your emails, Teams chats, and files, a potential productivity boon.  However, these exact processes can also be abused by hackers.   On 08 August 2024, at the Black Hat security conference in Las Vegas, researcher Michael Bargury demonstrated five proof-of-concept ways that Copilot, which runs on its Microsoft 365 apps, such

On 17 July 2024, cybersecurity experts gathered at Cecil College[1] for the Cyber Security in Agriculture Forum to discuss the escalating threats to digital information and privacy across all sectors, specifically agriculture.  Panelists unanimously agreed that cyber threats are increasing in frequency and sophistication, posing significant risks to individuals, small businesses, corporations, and large public entities.

The forum began with an overview of the current cybersecurity landscape, hig

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

As the 2024 Paris Summer Olympics approach, a sophisticated Russian disinformation campaign is in high gear to sow confusion, undermine the Games, and dissuade spectators from attending.  This is according to a new report from the Microsoft Threat Analysis Center (MTAC) that outlines extensive malign influence efforts emanating from Russia-aligned actors.  "In just under three months, after traversing more than 3,000 miles across 450 French towns, the Olympic flame will be lit at the Opening Cer

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

In case you have not heard, 2024 is a big year for cicadas.  Cicada (family Cicadidae) is a family of more than 3,000 species of sound-producing insects. Cicadas are found worldwide in tropical and temperate areas and occur in deserts, grasslands, and forests.  Cicadas have been used in folk medicines, as religious and monetary symbols, and as an important source of food for humans and many other organisms. The cicada appears in the mythology, literature, and music of many cultures, including so

DEV#POPPER is a social engineering campaign that has been tracked recently by the Securonix Threat Research team.  Social engineering is a topic we have covered many times, but ultimately what it boils down to is that social engineering attacks are generally geared towards tricking victims into compromising themselves.  With that in mind, the primary target for the DEV#POPPER campaign appears to be software developers who are looking for work. 

Job interviews can be an effective cover for socia

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Phishing-as-a-service, or PhaaS, is a cyber threat subscription service, much like any number of other “as a service” types you may be familiar with, such as ransomware-as-a-service.  One of the noted early pioneers of this model is BulletProofLink.  This operation was taken down by Malaysian law enforcement in November of last year in collaboration with the Australian Federal Police and the FBI. 

The general ideal of phishing-as-a-service is that service providers are offering ready-to-use phis