X-Industry

The Houston Rockets professional basketball team is reporting that their security and law enforcement authorities are investigating a cyber-attack.  Officials are claiming a new hacking group attempted to install ransomware on the basketball team’s internal systems.  “The Rockets organization recently detected suspicious activity on certain systems in its internal network.  We immediately launched an investigation,” the Rockets said in an emailed statement, adding cybersecurity experts are assis

Researchers have discovered a new information-stealing Trojan, which targets Android devices with a blitz of data-exfiltration capabilities from collecting browser searches to recording audio and phone calls.   While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this clever new malicious app masquerades itself as a System Update application to take control of compromised devices.

"The spyware creates a notificati

A recent article from the University of Boston provides a very refreshing article about cyber technology helping the deaf.  The words “joke” and “ruin” might not rhyme in English - but, thanks to a new, interactive database of American Sign Language (ASL), called ASL-LEX 2.0[1], we can now see that these two words do in fact rhyme in ASL.

“In ASL, each word has five linguistic parameters: handshape, movement, location, palm orientation, and non-manual signs.  Rhymes involve repetition based on o

The COVID-19 pandemic is now a year old and has forced businesses to quickly support remote working practices, often without proper security measures in place.  The Verizon Business Mobile Security Index (MSI) 2021 reveals that many businesses may have left themselves vulnerable and open to cybercriminals in the rush to ensure their workforce could operate remotely.  Forty-nine (49) percent of businesses surveyed in the latest edition of Verizon's MSI stressed that changes made to remote working

LinkedIn is a great portal to increase your professional network and there are actors who really want to connect with you and your connections.  Remember, people often look at mutual connections before accepting some on they do not know personally.  A casual acceptance can lend credibility to hackers’ requests to connect.

A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineerin

Organizations continue to fall victim to ransomware, and yet progress on tackling these attacks, which now constitute one of the biggest security problems on the internet, remains slow. From small companies to councils, government agencies and big business, the number and range of organizations hit by ransomware is rising. One recent example; schools with 36,000 students have been hit, leaving pupils without access to email as attempts were made to get systems back online. That is at least four

Computers need hardware, like semiconductors (chips).  Modern cars need computers and thus chips.  Subaru announced it will shut down one of its Japanese factories for more than two weeks because of the ongoing shortage of semiconductors.  The international car company will close its Yajima plant in Gunma, Japan.  The auto shut down is scheduled to begin between 10 April 2021 and the scheduled Japanese holiday of Golden Week, 29 April.  Operations will not resume until 10 May.  The factory build

Activity Summary - Week Ending 9 April 2021:

• Red Sky Alliance identified 34,654 connections from new unique IP Addresses
• Analysts identified 2,753 new IP addresses participating in various Botnets
• Vacar Auto Electronics Co. is Keylogged
• Babydraco Webshells
• RemRAT Botnet
• April 15^th is Coming - US IRS scams
• Accellion and UC
• Brown University under attack
• EU Government Institutions
• PLA Shanghai Police – Hacked files

Link to full report: IR-21-099-001_weekly_099_FINAL.pdf

An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said.  Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat (APT)known as Cycldek (a.k.a. Goblin Panda, APT 27 and Conimes), according to Kaspersky researchers, who added that the group has been active since at least 2013.

A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs."  More_eggs virus is a backdoor Trojan that is utilized by Cobalt Group and other criminal gangs to attack corporations and regular users More_eggs virus is a backdoor Trojan that was used by infamous cybercriminal group the Cobalt Group More_eggs is written in JavaScript programming language. To increase the odds

One of the largest insurance firms in the US CNA Financial was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021.  The cyber-attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.

Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurance companies and the leading 15 casualty and property insurers in the US.  It employs about 5,800 workers and

US Lawmakers and security experts have expressed disappointment that US President Joe Biden’s $2.25 trillion infrastructure plan does not include funding to protect vital facilities against the growing threat of cyberattacks.  This infrastructure package failed to provide money to defend critical systems, such as the US power grid, against hackers, according to media sources last week.  “Any critical infrastructure modernization must take cybersecurity into account from the start,” said the OT d

Activity Summary - Week Ending 2 April 2021:

• Red Sky Alliance identified 34,034 connections from new unique IP addresses
• Analysts identified 3,876 new IP addresses participating in various Botnets
• 20 new unique email accounts compromised with Keyloggers were observed this week
• Soccer player’s name Berat Can Sonmez is being used to lure Victims
• EggShell Malware
• New US-IRS Phishing Campaign
• WordPress Vulnerabilities
• ClearURL and Goggle
• Honeywell and Molson Coors Attacked
• Manufacturing IT & OT
• Cyb

With the recent shipping stoppage in the Suez Canal, it became very apparent the transportation vulnerabilities in areas of constricted passages.  Preliminary reports indicate mechanical and weather errors caused the grounding; or was it?  Engine failure and heavy weather have both been cited as reasons behind merchant vessel (M/V) Ever Given’s grounding in the Suez Canal.  But neither are convincing and plain old navigation errors (humans) may be at the root of the casualty, report Lloyd's of L

Many countries are investing seriously in their 5G network, especially in Asia – China leading the way.  But beware: more connectivity through 5G networks also comes with increased cybersecurity threats.  As new technology links both the physical (OT) and virtual world (IT), 5G security risks will have wide security impacts.   To overcome these security challenges, researchers need to build security regimes that protect not only 5G infrastructure and services, but the applications and IoT device

After recently announcing the end of the operation, the administrator of Ziggy ransomware is now pledging to give their ransom generated money back.  BleepingComputer says that it appears that this is a planned move since the admin shared the "good news" a little over a week ago but gave no details.  Ziggy ransomware ceased operations in early February.  In a brief announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all

A US Congressional Representative from the State of Washington recently reintroduced a bill that would create a nation-wide data privacy standard, to be enforced by the Federal Trade Commission (FTC), that in its latest version is intended to gather bipartisan support by addressing specific Republican concerns.  The Information Transparency and Personal Data Control Act, if passed, would replace a patchwork of current state laws and provide an influx of $350 million to the FTC’s budget to enforc

The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations.  The REvil ransomware threat group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US.  The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US; as well as two large international banks (one in Mexico and

Activity Summary - Week Ending 26 March 2021:

• Red Sky Alliance identified 26,343 connections from new unique IP addresses
• Analysts identified 2,393 new IP addresses participating in various Botnets
• 47 new unique email Accounts compromised with Keyloggers were Observed
• Go Daddy-East is Compromised
• Netbounce
• Clast82 Android Malware
• Google & WebView
• XcodeSpy
• Clubhouse app
• SkyGlobal
• WeChat hits

Link to full report: IR-21-085-001_weekly_085.pdf

Finally, you both deserve and earned that vacation trip to the Bahamas.  “I have loads of frequent flyer miles I have use and get there on the cheap.”  Or so you thought.  The cyberattack on SITA, a commonly used airline service provider, has compromised frequent-flyer data across many airline carriers.  SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry.  The company provides its services to around 400 members and 2,8