X-Industry

Transparent Tribe (aka APT 36, Operation C-Major) has been active since at least 2016 with attacks against Indian government and military personnel.  The group relies heavily on social engineering attacks to deliver a variety of Windows and Android spyware, including spear-phishing and watering hole attacks.

In September 2023, SentinelLabs outlined the CapraTube campaign, which used weaponized Android applications (APK) designed to mimic YouTube, often in a suspected dating context due to the na

International Joint Operation Takes Down Over 600 IP Addresses Abusing Cobalt Strike Tool - Hundreds of IP addresses abusing Cobalt Strike have been shut down in a joint effort involving law enforcement across several nations. Codenamed “Morpheus”, the joint operation resulted in flagging 690 IP addresses and domains used to infiltrate victim networks.  So far, 593 of them have been taken offline.

The servers flagged in Operation Morpheus used old, unlicensed versions of Cobalt Strike, a popular

Luxury department store chain the Neiman Marcus Group[1] has become the latest victim in a series of cyberattacks targeting users of the Snowflake data warehousing platform. The breach affected nearly 65,000 shoppers and exposed sensitive personal information.

In a letter to affected customers, Neiman Marcus stated, "We are writing to notify you of an issue that involves certain of your personal information.  In May 2024, we learned that, between April and May 2024, an unauthorized third party g

ChatGPT-maker OpenAI was hit by a cyberattack in 2023.  The threat actors were able to access internal discussions among researchers and other employees.  Corporate espionage?  According to media sources, the company had neither publicly disclosed the attack or informed the law enforcement authorities back then.  The breach was only made known among employees back in April 2023 during an internal meeting because its source code and customer data were not compromised. Affected data mostly include

AI is fueling a lot of wild ideas for our tech-driven future.  If everything pans out, we will not have to write our own essays, take our notes, or drive our cars.   But with AI’s rapid growth, it is hard not to give at least some of those lofty visions credence, even the most sci-fi ones, even Star Wars-level humanoid robots.  There are a lot of humanoid bots now and a lot more seemingly on the way, Figure’s AI robot, Unitree’s speed demon, Agility’s workhorse, but arguably most important of al

After confirming a production-halting cyberattack last month, forklift manufacturer Crown Equipment said on 1 July that operations have resumed.  Crown said work was proceeding at all 24 of its manufacturing plants.  The company’s manufacturing operations had been suspended since 10 June due to the attack on its business systems.

A company spokesman has declined to comment on the attack and said no further information would be available.  The company has declined to answer questions about how ma

The United Nations' telecommunication agency condemned Russian interference in the satellite systems of several European countries.  Earlier this month, the UN’s International Telecommunication Union (ITU) received a series of complaints from Ukraine, France, Sweden, the Netherlands and Luxembourg about the Kremlin’s alleged satellite interference that has affected GPS signals and television channels.  The ITU reviewed these complaints and published a document Monday calling the practice “extrem

More than 1,000 planned operations and over 3,000 outpatient appointments have been postponed amid ongoing disruption caused by a cyber-attack that impacted London hospitals.  Synnovis, an agency which manages labs for NHS trusts and GPs in south-east London, was the victim of a data hack on 3 June.[1]

New figures from NHS England show that since then, 3,396 appointments and 1,255 elective procedures have been postponed.  In a statement, the chief executives of two affected trusts said they were

July 4^th marks the anniversary of when Congress, comprised of delegates from the United States' original 13 colonies, signed the Declaration of Independence on 4 July 1776. The document declared the nation's independence from Great Britain.

Some research indicates that the original signers didn't even write their names on the official document until 2 August 1776.  In fact, it would take six months to acquire all 56 signatures.  Thomas McKean, a delegate from Delaware, was reportedly the last pe

P2Pinfect is a rust-based malware analyzed extensively by Cado Security in the past.  It is a reasonably sophisticated malware sample that uses a peer-to-peer (P2P) botnet for its command and control mechanism.  Upon initial discovery, the malware mainly appeared dormant.  It would spread primarily via Redis and a limited SSH spreader, but ultimately, it did not seem to have an objective other than to spread.  Recently, we observed a new update to P2Pinfect that introduced ransomware and crypto

After spending five years in detention in London's high-security H M Prison Belmarsh, a Category A men’s prison in Thamesmead, WikiLeaks founder Julian Assange has made a plea deal with the US Government. He will plead guilty to one charge of espionage and return home to Australia after years of fighting extradition from Britain. US authorities have agreed to drop their demand for Assange to be extradited from Britain after reaching a plea deal with the WikiLeaks founder.

In return for pleading

The US military recently launched a groundbreaking initiative to strengthen ties with the commercial space industry.  The aim is to integrate commercial equipment into military space operations, including satellites and other hardware. This would enhance cybersecurity for military satellites.  As space becomes more important to the world’s critical infrastructure, the risk increases that hostile nation states will deploy cyber-attacks on important satellites and other space infrastructure.  Targ

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing phone-based impersonation fraud campaign where scammers are masquerading as CISA staff. In a brief notification, the agency stated it is "aware of recent impersonation scammers claiming to represent the agency."

The CISA warning  https://www.cisa.gov/news-events/alerts/2024/06/12/phone-scammers-impersonating-cisa-employees  explicitly states that its employees "will never contact you with a

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent.  It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft.

Researchers at FortiGuard Labs recently detected an attack exploiting the CVE-2021-40444 vulnerability in Microsoft Office.  This flaw allows attackers to execute malicious code via specially crafted

Threat actors have exploited hacked high-ranking legitimate websites to enable BadSpace malware backdoor distribution on Windows machines.  The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases, a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system.  BadSpace is a backdoor Trojan that secretly installs itself on a computer, giving cybercriminals remote access and control. It can

Researchers at Graz University of Technology could spy on users’ online activities simply by monitoring fluctuations in the speed of their internet connection.  This vulnerability, known as SnailLoad, does not require malicious code to exploit, and the data traffic does not need to be intercepted.  All types of end devices and internet connections are affected.[1]

SnailLoad attack setup:

• The victim communicates with a server.
• The server has a fast Internet connection, and the victim’s last-mile

A hack into software maker CDK Global has disrupted operations at auto dealerships across the US, the latest in a series of hacks where ransom-demanding cybercriminals target big companies by breaching behind-the-scenes software suppliers.  CDK makes software that is commonly used by car dealerships to process sales and other transactions.  Considering the hack, many dealers have started processing transactions manually, according to local press reports.[1]

Here is more about BlackSuit, the hack

A major cyber-attack occurred just before the Fourth of July holiday in 2021, affecting at least 200 US companies.  The attack was a ransomware attack that occurred first at Kaseya, a Florida-based IT company, and then spread through the corporate networks that use its software.  The attack affected multiple managed service providers and their customers.  The REvil ransomware gang was behind the attack.  Please stay vigilant during all holiday times.

At least 200 US companies were hit by a major

On 26 June, Evolve Bank and Trust, a financial institution that’s popular with fintech startups, announced that it had been victim of a cyberattack and data breach that could have affected its partner companies as well.  The incident, according to the company’s statement, involved “the data and personal information of some Evolve retail bank customers and financial technology partners’ customers.”

Evolve’s communications chief Thomas Holmes said that the incident involves “a known cybercriminal