X-Industry

The ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users.  The cyber threat actor used original logos from the compromised store and customized a web element known as a modal to hijack the checkout page perfectly.  Interestingly, the “skimmer” page looks more authentic than the original payment page.  It must be the improved graphics.[1]

The term Magecart is

A new "All-in-One" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed to other threat actors to steal data and files from Windows systems.  It includes several modules that all work via an FTP service.  The new stealer also contains environment checking and Anti-VM functions. Its primary purpose seems to be to steal browser data and information from compromised endpoints and then upload it to the attacker's FTP server."

The researchers said they observed a surge

Online scams can be extremely damaging to an individual's finances and steal sensitive information that can be a nightmare to fix.  In general, phishing scams will appear as innocent requests from online hackers, but if you follow their requests or hand over your Social Security information, then you should immediately contact your bank to ensure they do not open new accounts.  These scammers tend to target senior citizens and can be difficult to avoid daily while using the Internet.

How to prot

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

In cybersecurity defense, the use of automatic protection tools is half the assignment.  The human element plays an increasingly important role.  Scammers like to take shortcuts and know that it is easier to trick people than it is to exploit software or hardware.  Any organization with a well-guarded security perimeter is an easy target, as long as its employees fall for phishing scams. 

The problem reached new heights during the coronavirus pandemic.  This situation for led to online panic tha

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associa

In a recent report, Microsoft warns that phishing, fake software updates and unpatched vulnerabilities are being exploited for ransomware attacks.  More than one hundred different cyber-criminal gangs are actively conducting ransomware attacks, deploying over 50 different ransomware families in campaigns which see them encrypt networks and demand a ransom payment for the decryption key.  The analysis from Microsoft Security Intelligence notes that some of the most prominent ransomware attacks of

Zendesk, a customer service solutions provider, has suffered a data breach that resulted from employee account credentials getting phished by hackers.  Cryptocurrency trading and portfolio management company, Coinigy revealed last week that it had been informed by Zendesk about the cybersecurity incident.

According to the email received by Coinigy, Zendesk learned on 25 October 2022, that several employees were targeted in a “sophisticated SMS phishing campaign.”  Some employees took the bait an

Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and Trojan malware spread on the messaging app Discord.  The security firm recorded a total of 303 blockchain security incidents over the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to SlowMist’s 09 January 2022 report.

The entire report can be viewed at:  https://slowmis

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associa

Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc

Recently, victims of a recently uncovered form of ransomware are being warned not to pay the ransom demand simply because the ransomware is not able to decrypt files it just destroys them instead. Coded in Python, Cryptonite ransomware first appeared in October 2022 as part of a free-to-download open-source toolkit available to anyone with the skills required to deploy it in attacks against Microsoft Windows systems, with phishing attacks believed to be the most common means of delivery.

An anal

According to cyber security professionals, ZIP and RAR files have overtaken Office documents as the file most used by cyber criminals to deliver malware, according to an analysis of real-world cyberattacks and data collected from millions of PCs.  The research, based on customer data found in the period between July and September 2022, 42% of attempts at delivering malware attacks used archive file formats, including ZIP and RAR.

That means cyberattacks attempting to exploit ZIP and RAR formats

A cruel business email compromise (BEC) gang called Lilac Wolverine is hacking people's email accounts and sending messages to their contacts claiming the account owner needs to send a gift to an unwell friend to manipulate people into sending online gift cards.  Detailed by cybersecurity researchers, this organized cybercriminal group has fine-tuned techniques pulling on people's heartstrings.

They include false claims that the gift cards are meant for people diagnosed with serious illnesses or

Over the past six months, the infamous Emotet botnet has shown almost no activity, and now it is distributing malicious spam.  Emotet is by far one of the most dangerous trojans ever created.  The malware became a very destructive program as it grew in scale and sophistication.  The victim can be anyone from corporate to private users exposed to spam email campaigns.

The botnet distributes through phishing containing malicious Excel or Word documents.  When users open these documents and enable

A China-based cyber actor group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019.   The threat actor, Fangxiao, is said to have registered over 42,000 imposter domains, with initial activity observed in 2017.  Fangxiao targets businesses in multiple verticals, including retail, banking, travel, and energy.  The offers promised financial or physical incentives are used to trick victims into further sprea

Recorded Future has shared information regarding potential threats to the 2022 World Cup soccer matches set in Qatar.  Email-based phishing attacks targeting the Middle East doubled in October in the lead up to the World Cup in Qatar, according to new research from Trellix.  Many of the emails purport to come from the FIFA help desk or ticketing office while some impersonate specific team managers and departments.  Others claim to be notifications about bans implemented by FIFA, or spoof Snoonu,

Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc

The US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are raising awareness of the potential threat posed by attempts to manipulate information or spread disinformation in the lead-up to and after the 2022 midterm elections.  Foreign actors may intensify efforts to influence the outcomes of the 2022 midterm elections by circulating or amplifying reports of real or alleged malicious cyber activity on election infrastructure.  Additionally, th