phishing (119)

An Android malware called FireScam tricks people into thinking they are downloading a Telegram Premium application that clandestinely monitors victims' notifications, text messages, and app activity while stealing sensitive information via Firebase services.

Cyfirma researchers spotted the new infostealer with spyware capabilities. They said the malware is distributed through a GitHub.io-hosted phishing website mimicking RuStore, a popular Russian Federation app store.

The phishing site delivers a

While you always want to be careful where you click online, a new variation on the classic clickjacking attack should give you pause when a site asks you to double-click on something.  As reported by Cybernews, Amazon security engineer Paulos Yibelo has shed light on a new version of this attack that can be used to disable security settings, delete an account or even take over your existing accounts.  As the name suggests, clickjacking is an attack method where hackers, scammers or other cybercr

A thwarted attack demonstrates that threat actors are using another delivery method for the malware, which has already been spread using phishing emails, malvertising, hijacking instant messages, and SEO poisoning. The DarkGate remote access Trojan (RAT) has a new attack vector: A threat actor targeted a Microsoft Teams user via a voice call to gain access to their device. Researchers said the attack adds to the other methods for spreading the RAT, which previously has been propagated using phis

Trustwave researchers have recently released a report about a phishing campaign they had been tracking, which experienced a significant increase in activity in August of 2024 and primarily targets Microsoft 365 users. This campaign has been linked to the phishing kit called Rockstar 2FA.  The Rockstar 2FA phishing kit has been deemed to be an updated version of the DadSec phishing kit. Microsoft tracks the threat actor behind these phishing kits under the moniker Storm-1575.

Rockstar operat

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates. One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta’s social media platform, Facebook. The campaign tricks users into installing a harmful browser extension und

The holiday shopping season is almost upon us, and with all the great sales and promotions come the usual cyber scams. While generally quick and convenient, shopping online can leave you vulnerable to scammers if you are not cautious. Based on a consumer survey, a new report from Norton looks at how scams are a common concern among shoppers and how to protect yourself while holiday shopping online.

Check out the 2024 Cyber Safety Insights Report.

Norton incorporated the results of a survey condu

The Black Basta group is a Ransomware-as-a-Service (RaaS) provider that has been in operation since at least April of 2022.  The group is believed to be comprised of former members of the ransomware groups Conti and REvil.  The reason for this belief is driven by several factors, such as the similarities in their tactics and their rapid integration into the cybercriminal ecosystem.

Black Basta is credited as having victimized over 500 organizations.  In the first quarter of 2024, the group had c

Red Sky Alliance monthly queries our backend databases, identifying all new data containing supply chain keywords in the subject line of malicious emails.  Malicious actors use emails with various supply chain related keywords as a lure to entice users in the maritime industry to open emails containing malicious attachments.  The identified emails attempted to deliver malware or phishing links to compromise the entire Transportation Supply Chain.  Specific names or key words in the transporta

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Due to economic turbulence and a relentless surge in cyber threats, today's cybersecurity landscape requires enterprises to remain resilient by adapting to security risks.  Many organizations have chosen to adapt to these risks by embracing modern technology such as generative artificial intelligence (GenAI), which can present new risks if not implemented properly.  The speed at which companies innovate and adopt new technology is far outpacing the security measures that must be addressed first.

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages designed to harvest users' credentials.  Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content.  Malicious links direct the browser to automatically refresh or reload a web page immediately without requiring user interact

The underground market for illicit large language models is lucrative, said academic researchers who called for better safeguards against artificial intelligence misuse.  Academics at the Indiana University Bloomington[1] identified 212 malicious LLMs on underground marketplaces from April through September 2024.  The financial benefit for the threat actor behind one of them, WormGPT, is calculated at US$28,000 over two months, underscoring the allure for harmful agents to break artificial intel

In August 2024, FortiGuard Labs observed a Python infostealer we call Emansrepo that is distributed via emails that include fake purchase orders and invoices.  Emansrepo compresses data from the victim’s browsers and files in specific paths into a zip file and sends it to the attacker’s email.  According to our research, this campaign has been ongoing since November 2023.  The attacker sent a phishing mail containing an HTML file, which was redirected to the download link for Emansrepo.  PyInsta

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

A new malware called "Voldemort" has been making waves in recent weeks, sending over 20,000 emails worldwide as it spreads through phishing attacks.  Discovered by IT security researchers at Proofpoint on 5 August, this malware has proven to be very deceptive.  "Voldemort" employs a sophisticated tactic to evade detection: it disguises its network traffic as legitimate by using Google Sheets as an interface.  This method allows the malware’s data transmissions to appear harmless, slipping past s

FortiGuard Labs recently caught a phishing campaign with a malicious Excel document attached to the phishing email.  Analysts performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger.  Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities.  It is a .NET-based software originally sold on a hacker forum.  Once executed on a victim’s computer, it can steal sensitive data, including saved

Microsoft was anxious to put generative AI at the heart of its systems.  Ask a question about an upcoming meeting, and the company’s Copilot AI system can pull answers from your emails, Teams chats, and files, a potential productivity boon.  However, these exact processes can also be abused by hackers.   On 08 August 2024, at the Black Hat security conference in Las Vegas, researcher Michael Bargury demonstrated five proof-of-concept ways that Copilot, which runs on its Microsoft 365 apps, such

On 17 July 2024, cybersecurity experts gathered at Cecil College[1] for the Cyber Security in Agriculture Forum to discuss the escalating threats to digital information and privacy across all sectors, specifically agriculture.  Panelists unanimously agreed that cyber threats are increasing in frequency and sophistication, posing significant risks to individuals, small businesses, corporations, and large public entities.

The forum began with an overview of the current cybersecurity landscape, hig

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate