Cryptocurrency-related businesses have been targets of North Korean-affiliated threat actors for some time now, with multiple campaigns aiming to steal funds and/or insert backdoor malware into targets. In April 2023, researchers detailed an APT campaign targeting macOS users with multi-stage malware that culminated in a Rust backdoor capable of downloading and executing further malware on infected devices. ‘RustBucket,’ as they labeled it, was attributed with strong confidence to the BlueNoroff
Threat analysts have observed a new ransomware group called Interlock conducting targeted attacks across sectors, including US healthcare, IT and government, and European manufacturing. According to a recent report by Cisco Talos, Interlock employs “big-game hunting” and double extortion tactics, where compromised data is stolen and threatened to be released publicly unless a ransom is paid.
This group operates a data leak site called “Worldwide Secrets Blog” to publish stolen data. It offers vi
The cost of zero-day exploits has always been high, especially if they allow an attacker to remotely execute code on a host machine. But why pay hundreds of thousands of dollars for a 0-day when a relatively simple drive-by attack doesn’t need one and can achieve much the same result? That’s what interested an Imperva security researcher who has published a report on a new drive-by attack using something called the Evil Code Editor. Here’s what you need to know.
“A remote code execution chain i
In a recent opinion piece, Linus Torvalds shares his views on C and C++. “I must be a glutton for punishment. Not only was my first programming language IBM 360 Assembler, but my second language was C. Programming anything in them wasn't easy. Programming safely in either is much harder.” So, when the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) announced they were doubling down on their efforts to persuade software manufacturers t
ByteDance is being exiled from Canada, though the TikTok app is not. Following the US's example, Canada has spent recent years questioning the world's most popular Chinese app. In February 2023, TikTok was banned from all government devices, citing security concerns. Later that year, the government called for a broader national security review under the 1985 Investment Canada Act, which empowers the government to scrutinize foreign investments.
In concluding that review, the Minister of Innovati
In a recent Forbes article, technical author Davey Winder shared insights into a Check Point blog post. As Winder explained in an earlier report, hackers have been seen using AI in an attack that very nearly compromised the account of a Gmail user. Both Gmail and AI are back in the forefront, this time as part of a large-scale hacking campaign targeting both consumers and corporates with a financially motivated payload. Check Point analyzes the new campaign, the CopyRh(ight)adamantys cyber-attack.
Unli
The holiday shopping season is almost upon us, and with all the great sales and promotions come the usual cyber scams. While generally quick and convenient, shopping online can leave you vulnerable to scammers if you are not cautious. Based on a consumer survey, a new report from Norton looks at how scams are a common concern among shoppers and how to protect yourself while holiday shopping online.
Check out the 2024 Cyber Safety Insights Report.
Norton incorporated the results of a survey condu
Ukraine is accusing Google of exposing the locations of its military sites in recent updates to its online mapping service. Andrii Kovalenko, the head of the counter-disinformation department at Ukraine's National Security and Defense Council, said the images were spotted last week and have already been “actively distributed” by Russians. He did not provide further details about what was specifically revealed or how Moscow could use the obtained data.
Kovalenko said Google hasn’t yet fixed the
The hacker suspected of launching a series of major breaches involving data stored on Snowflake accounts was arrested in Canada last week after a request was issued by US officials. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on 30 October 2024, on the basis of a provisional arrest warrant, following a request by the US.[1] The arrest of Moucka was first reported by Bloomberg and 404Media earlier this week. “He appeared in court later tha
Securonix Threat Research has discovered a sophisticated phishing campaign, “CRON#TRAP,” that leverages a unique approach to infiltrate systems and establish persistent backdoors. This creative attack method involves deploying emulated Linux environments within compromised endpoints, specifically Tiny Core Linux.
Multi-Stage Attack Process of CRON#TRAP - The CRON#TRAP campaign employs a multi-stage attack method to compromise target systems and establish persistent backdoors. The initial infecti
The Five Eyes are the intelligence agencies of the governments of the UK, US, Canada, New Zealand, and Australia. This group has launched a new program designed to help their tech startups improve baseline cybersecurity measures in the face of escalating state-backed threats. Secure Innovation was originally a UK initiative run by GCHQ’s National Cyber Security Centre (NCSC) and MI5’s National Protective Security Authority (NPSA). However, it has now been adopted and promoted by all Five Eyes intellig
A notorious hacker known as Intel Broker has announced a data breach involving the telecommunications giant Nokia. Posting on the infamous cybercrime forum BreachForums, Intel Broker claims to have gained unauthorized access to sensitive Nokia information through a third-party contractor linked to Nokia’s internal tool development.
The hacker claims that no customer information was accessed, but they have obtained critical internal data from Nokia’s systems, which they’re now selling for $20,000.
Researchers at Google said last week that they have discovered the first vulnerability using a large language model. In a blog post, Google said it believes the bug is the first public example of an AI tool finding a previously unknown exploitable memory-safety issue in widely used real-world software. The vulnerability was found in SQLite, an open-source database engine popular among developers.
In early October, Google researchers reported the vulnerability to SQLite developers, who fixed it
LightSpy, known for targeting iOS devices, has been expanded to include capabilities for compromising device security and stability. ThreatFabric, who discovered the malware, initially published a report on LightSpy for macOS in May 2024. During that investigation, the analysts found that the same server managed both macOS and iOS versions of LightSpy. This discovery allowed ThreatFabric to conduct a new, detailed analysis of the spyware targeting iOS published today, finding notable updates compared t
The Black Basta group is a Ransomware-as-a-Service (RaaS) provider that has been in operation since at least April 2022. The group is believed to be comprised of former members of the ransomware groups Conti and REvil. This belief is driven by several factors, such as the similarities in their tactics and their rapid integration into the cybercriminal ecosystem.
Black Basta is credited as having victimized over 500 organizations. In the first quarter of 2024, the group had c
A global law enforcement operation has disrupted infrastructure for the Redline and Meta info stealers, malware tools that cybercriminal groups use to steal sensitive personal data. Operation Magnus took place on 28 October 2024, with law enforcement shutting down three servers in the Netherlands used to run the malware and seizing two domains. This means the malware no longer functions and cannot currently be used to steal new data from infected victims.
See: https://redskyalliance.org/xi
A subtle shift in rhetoric has seen IMO secretary-general Arsenio Dominguez turn the tables on industry demands for regulatory clarity and highlight the reciprocal requirement for private partnership and proactive engagement. Dominguez said, ‘It’s now [every single actor’s] turn to take actions in how they define their own goals in decarbonizing.’ Regulation alone will not be sufficient to decarbonize the maritime sector; it requires more proactive engagement from industry stakeholders across the s
Red Sky Alliance queries our backend databases monthly, identifying all new data containing supply chain keywords in the subject line of malicious emails. Malicious actors use emails with various supply-chain-related keywords as a lure to entice users in the maritime industry to open emails containing malicious attachments. The identified emails attempted to deliver malware or phishing links to compromise the entire Transportation Supply Chain. Specific names or key words in the transporta
A criminal operation called Emeraldwhale has been discovered after it dumped more than 15,000 credentials belonging to cloud service and email providers in an open AWS S3 bucket, according to security researchers. The unknown data thieves embarked on a "massive scanning campaign" between August and September, looking for servers with exposed Git configuration and Laravel environment files. "This campaign used multiple private tools that abused multiple misconfigured web services, allowing atta
In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group (UHG), was the victim of a significant ransomware attack carried out by the ALPHV/BlackCat ransomware group. The attackers had access to Change Healthcare's systems for over a week, between 12 and 20 February 2024, stealing around 4 terabytes of data, including protected health information (PHI), in the process. The breach had the potential to impact up to 110 million individuals, potentially exposing sensitive h