A new malware called "Voldemort" has been making waves in recent weeks, sending over 20,000 emails worldwide as it spreads through phishing attacks. Discovered by IT security researchers at Proofpoint on 5 August, this malware has proven to be very deceptive. "Voldemort" employs a sophisticated tactic to evade detection: it disguises its network traffic as legitimate by using Google Sheets as an interface. This method allows the malware’s data transmissions to appear harmless, slipping past s
phishing (124)
FortiGuard Labs recently caught a phishing campaign with a malicious Excel document attached to the phishing email. Analysts performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It is a .NET-based software originally sold on a hacker forum. Once executed on a victim’s computer, it can steal sensitive data, including saved
Microsoft was anxious to put generative AI at the heart of its systems. Ask a question about an upcoming meeting, and the company’s Copilot AI system can pull answers from your emails, Teams chats, and files, a potential productivity boon. However, these exact processes can also be abused by hackers. On 08 August 2024, at the Black Hat security conference in Las Vegas, researcher Michael Bargury demonstrated five proof-of-concept ways that Copilot, which runs on its Microsoft 365 apps, such
On 17 July 2024, cybersecurity experts gathered at Cecil College[1] for the Cyber Security in Agriculture Forum to discuss the escalating threats to digital information and privacy across all sectors, specifically agriculture. Panelists unanimously agreed that cyber threats are increasing in frequency and sophistication, posing significant risks to individuals, small businesses, corporations, and large public entities.
The forum began with an overview of the current cybersecurity landscape, hig
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
As the 2024 Paris Summer Olympics approach, a sophisticated Russian disinformation campaign is in high gear to sow confusion, undermine the Games, and dissuade spectators from attending. This is according to a new report from the Microsoft Threat Analysis Center (MTAC) that outlines extensive malign influence efforts emanating from Russia-aligned actors. "In just under three months, after traversing more than 3,000 miles across 450 French towns, the Olympic flame will be lit at the Opening Cer
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
In case you have not heard, 2024 is a big year for cicadas. Cicada (family Cicadidae) is a family of more than 3,000 species of sound-producing insects. Cicadas are found worldwide in tropical and temperate areas and occur in deserts, grasslands, and forests. Cicadas have been used in folk medicines, as religious and monetary symbols, and as an important source of food for humans and many other organisms. The cicada appears in the mythology, literature, and music of many cultures, including so
DEV#POPPER is a social engineering campaign that has been tracked recently by the Securonix Threat Research team. Social engineering is a topic we have covered many times, but ultimately what it boils down to is that social engineering attacks are generally geared towards tricking victims into compromising themselves. With that in mind, the primary target for the DEV#POPPER campaign appears to be software developers who are looking for work.
Job interviews can be an effective cover for socia
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated
Phishing-as-a-service, or PhaaS, is a cyber threat subscription service, much like any number of other “as a service” types you may be familiar with, such as ransomware-as-a-service. One of the noted early pioneers of this model is BulletProofLink. This operation was taken down by Malaysian law enforcement in November of last year in collaboration with the Australian Federal Police and the FBI.
The general idea of phishing-as-a-service is that service providers are offering ready-to-use phis
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated
A new phishing campaign has been observed delivering Remote Access Trojans (RATs) such as VCURMS and STRRAT using a malicious Java-based downloader. The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware. An unusual aspect of the campaign is VCURMS' use of a Proton Mail email address ("sacriliage@proton[.]me") for communicating with a command-and-control (C2) server.
The attack chain commences
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated
Valentine's Day is a time when many people feel particularly vulnerable, but others also feel generous and giving. This makes it the perfect time for cybercriminals and fraudsters to operate.
The Cyber Helpline (https://www.lighthousevictimcare.org/organisation/the-cyber-helpline/), a UK charity led by volunteers and staff from the cybersecurity industry, has expanded to the USA to support those experiencing cybercrime and online harm. The charity expects a considerable increase in online relatio
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
Microsoft representatives have warned that adversaries use OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an analysis. The misuse of OAuth also enables threat actors to maintain access to applications even if the
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated
At its most basic, the term “auto fill” refers to a feature or set of features that enables users to insert previously entered information into web pages. Depending on the specific application being used, this can be any sort of information, from names and addresses all the way up to information that needs more protection, such as credit card numbers and username/password combinations.
On Android devices, it is often the case that an application will display a login form by using what’s cal
Microsoft’s spokesman announced on 13 December 2023 the disruption of Storm-1152, a Cybercrime-as-a-Service (CaaS) ecosystem that created 750 million fraudulent Microsoft accounts supporting phishing, identity theft, and other schemes. The CaaS is believed to have made millions of dollars in illicit revenue by creating fraudulent accounts for other cybercrime groups to use in phishing, spam, ransomware, distributed denial-of-service (DDoS), and other types of attacks.
See: https://redskyallian