X-Industry

Meta will remove third-party fact-checkers from its Facebook and Instagram social media platforms as it wants to embrace free speech. They intend to replace fact checkers with the accuracy of messages being monitored by user-generated community notes. Meta's current fact-checking program, introduced in 2016, refers to posts that appear false or misleading to independent organizations to assess their credibility.

In a recent video, Meta’s Chief Executive Mark Zuckerberg said third-party moderator

Businesses in the UK are set to be protected by a new ransomware ban to address the threat of cybercrime, which is estimated to cost the UK economy billions of pounds every year.   The proposed legislation follows a series of serious ransomware attacks on the National Health Service (NHS), the British Library and the Royal Mail, that have caused severe disruption and cost millions in recovery costs.   The intention is to make public sector and infrastructure organizations less appealing as targe

This is a follow-up analysis of a previous blog about a zero-day exploit. The FortiGuard Incident Response (FGIR) team examined how remote attackers exploited multiple vulnerabilities in an appliance to gain control of a customer’s system. At the end of that blog, analysts revealed that the remote attacker had deployed a rootkit (a loadable kernel module, sysinitd.ko) and a user-space binary file (sysinitd) on the affected system by executing a shell script (Install.sh). Additionally, to establi

Our friends from German media is reporting that the new US administration has dismissed all members of various advisory bodies not appointed by the government, bringing an investigation into the devastating cyber-attack on US providers to an abrupt halt.  This was reported by the news agency Reuters. According to trusted sources, the investigation into the attack by the Cyber Safety Review Board has been “killed,” as reported by Reuters.  US Senator Ron Wyden-D speaks of a “massive gift to the C

A potentially catastrophic ransomware attack on Costa Rica’s largest oil refinery last year was the first real-world test of the US State Department’s new rapid response tool for cybersecurity incidents, according to a top diplomat.  The department’s cyber bureau tapped the Foreign Assistance Leveraged for Cybersecurity Operational Needs, or FALCON, one of several US initiatives developed to bolster allies and infuse global digital norms with American values.  “Our goal was to provide swift and

Cybersecurity researchers have reported that artificial intelligence (AI) assisted with ransomware called FunkSec, which entered the market in late 2024 and claimed more than 85 victims. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report from The Hacker News. "Notably, FunkSec demanded unusually low ransoms, sometimes as little as $10,000, and sold stolen data to third parties at reduc

A federal grand jury has indicted a 51-year-old church pastor on 26 counts of fraud, after allegedly using his position to deceive victims into investing in a cryptocurrency investment scam.  That would seem unusual, but what is even more bizarre is that the pastor alleged to be behind the scheme claims that the inspiration for the project came to him in a dream.  Francier Obando Pinillo, of Miami, Florida, is alleged to have exploited his position at a Spanish-language church in Pasco, Washingt

Silverfort has discovered that a misconfiguration can bypass an Active Directory Group Policy designed to disable NTLMv1, allowing NTLMv1 authentications to persist. Microsoft announced the full decommission of NTLMv1 from Windows 2025.  Unified Identity Security company Silverfort has discovered a security vulnerability involving a misconfiguration in Active Directory.  This vulnerability allows NTLMv1 authentication to persist despite attempts to disable it through Group Policy.

NTLMv1 is an o

A new phishing campaign relies on legitimate links to trick victims into logging in and giving attackers control of their PayPal accounts. The phishing emails inform the intended victim of a payment request, providing legitimate-looking details, such as an amount and transaction ID, and even contain warnings that one would typically find in an email from PayPal. The messages come from a genuine PayPal address and include a genuine URL, which allows them to pass security checks and makes them app

The US Commerce Department on 14 January 2025 announced a new rule that will ban certain Chinese and Russian connected car technology from being imported to the United States.  Software and hardware built into Vehicle Connectivity Systems (VCS), such as telematics control units and cellular, satellite and Wi-fi functions, which are manufactured in China and Russia will be banned, along with any connected cars containing them.

Separately Russian and Chinese Automated Driving System (ADS) software

Microsoft's Digital Crimes Unit is pursuing legal action to disrupt cybercriminals who create malicious tools that evade the security guardrails and guidelines of generative AI (GenAI) services to create harmful content.  According to a spokesman, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services.[1]

See:  https://redskyalliance.org/xindustry/microsoft-s-new-copilot-ai-agents

According to an unsealed complaint

French cybersecurity firms and law enforcement agents, together with partners from the United States, have successfully removed Chinese-built malware from thousands of infected PCs.  In a press release shared on the US Justice Department (DOJ) website, it was said a Chinese state-sponsored threat actor called Twill Typhoon (AKA Mustang Panda) built a custom version of the PlugX malware which can “infect, control, and steal information from victim computers.  Since at least 2014, Mustang Panda ha

What is the E-ZPass Smishing Scam?  Recently, scammers have been targeting consumers with a "smishing" scam where they send a text or email claiming to be from the E-ZPass tolling agency.   The message claims that a driver has an unpaid toll and they need to settle their bill using a link provided in the message before late fees are incurred.

InfraGard Rhode Island urges you to NEVER click on links from unknown senders, in both text messages and emails.

What should you do if you have received a

On 7 January 2025, the US government announced the launch of the US Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the US Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear a label including a new 'US Cyber Trust Mark.'"

As part of the effort, the logo will be accompanied

Spoofed email addresses in malspam campaigns continue to work for attackers who use them to bypass security mechanisms and trick victims into triggering the malware. Despite safeguards like DKIM, DMARC, and SPF designed to prevent attackers from spoofing well-known domains, attackers are getting around these by abusing neglected domains that lack DNS records, making them harder to detect.

Researchers have identified how these spam campaigns use disused domains to distribute phishing emails cont

In the 1970s and 1980s, Casio was best known for its electronic (including scientific) calculators, electronic musical instruments, and affordable digital watches incorporating innovative technology. All the cool kids had a Casio calculator (unfortunately, I was taught on a slide rule). Well, Casio is still around. Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. The affected individuals are primarily

The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) says it has identified two major cyber espionage campaigns undertaken by the US cyber spies that hacked Chinese technology companies with the aim to steal trade secrets.  In a statement, CNCERT/CC said that advanced materials design and research unit and a large-scale high-tech company focused on intelligent energy and digital information were "suspected of being attacked by a US intelligence

Businesses are more likely to face a costly cyber-crime attack than a robbery or fire this year as hackers continue to employ devious social-engineering skills to lure unsuspecting victims.  This reality has been highlighted in several reports by global cybersecurity experts who have analyzed cybercrimes, such as ransomware (where hackers encrypt and steal data), smishing (SMS link scams) and phishing (email link/attachment scams) in recent years and have warned that Artificial Intelligence (AI)

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has taken decisive action against Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its alleged involvement in malicious cyber activities targeting U.S. critical infrastructure. Announced on January 3, 2025, this move represents a significant escalation in the U.S. government's efforts to combat state-sponsored cyber threats.

Integrity Tech is accused of providing inf

The National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity warned Japanese organizations of a sophisticated Chinese state-backed cyber-espionage effort called "MirrorFace" to steal technology and national security secrets.  Japanese authorities said the advanced persistent threat group (APT) MirrorFace has been operating since 2019.

"By publicizing the modus operandi of 'MirrorFace' cyberattacks, the purpose of this alert is to make targeted organizat