All Articles (1930)

Risk assessment should be a rational and objective undertaking.  As humans, with our emotions, we can sometimes be irrational and subjective. As security professionals, this would seem to put us at odds with our duty to objectively assess, manage, and mitigate risk. Unfortunately, subjectivity introduces bias, which skews risk assessment. When too much subjectivity is mixed into risk assessment, it can produce a risk picture that is not an accurate representation of reality.

See:  https://redskyal

Recently, it was announced that the Clorox company’s CISO has stepped down from her position.  Her departure comes as the company is still recovering from a devastating cyberattack that paralyzed its order fulfillment facilities for more than a month, leading to a 20% decline in net revenue in the first quarter of the fiscal year.

The reasons behind her departure have not been publicly disclosed. Still, her decision to step down during such a critical time for Clorox's cybersecurity efforts has

A cyberattack that caused port operations to grind to a halt at four container terminals should be subject to a federal probe as a union pushes for DP World to reveal what it knew about the risks.  The Dubai-controlled stevedore, which handles 40% of the nation's international freight, closed its Sydney, Melbourne, Brisbane and Fremantle port operations after detecting a breach on November 10.  Trucks were left idling at port gates and the transfer of 30,000 containers was delayed, with the back

Arkose Labs https://www.arkoselabs.com has analyzed and reported on tens of billions of bot attacks from January through September 2023, collected via the Arkose Labs Global Intelligence Network. Bots are automated processes acting out over the internet. Some perform useful purposes, such as indexing the internet, but most are Bad Bots designed for malicious ends. Bad Bots are increasing dramatically, and Arkose estimates that 73% of all internet traffic currently (Q3, 2023) comprises Bad Bots a

The Arid Viper group has a long history of using mobile malware, including at least four Android spyware families and one short-lived iOS implant, Phenakite.  The SpyC23 Android malware family has existed since at least 2019, though shared code between the Arid Viper spyware families dates back to 2017. It was first reported in 2020 by ESET in a campaign where the actor used a third-party app store to distribute weaponized Android packages (APK).  That campaign featured several apps that mimic T

Six Group counts its profit in millions, but the financial pipework it controls moves billions.  Its operations, which include the Spanish and Swiss stock exchanges, count as critical national infrastructure and this gives it a close relationship with governments and regulators in Madrid and Zurich.  Those relationships are critical in an age where digital warfare makes financial infrastructure a prime target for hackers linked to hostile states.  Jos Dijsselhof, the Dutch chief executive of the

The US Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud.  "The rules will help protect consumers from scammers who target data and personal information by covertly swapping SIM cards to a new device or porting phone numbers to a new carrier without ever gaining physical control of a consumer's phone," FCC reported on 17 Novembe

Red Sky Alliance queries our backend databases monthly, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

On 14 November 2023, the peer-reviewed journal Science published a study that shows how an AI meteorology model from Google DeepMind called GraphCast has significantly outperformed conventional weather forecasting methods in predicting global weather conditions up to 10 days in advance. The achievement suggests that future weather forecasting may become far more accurate.  In the study, GraphCast demonstrated superior performance over the world's leading conventional system, operated by the Euro

For those readers who did not grow up in a U.S. Marine Corps family, here is some history.  Devil Dogs or “Teufel Hunden” in German is a nickname for United States Marines named during WW I and is believed to have originated from the Battle of Belleau Wood between the U.S. Marines and German forces during June 1918.  The Marines’ relentless fighting spirit and bravery during the battle garnered them the admiration of their fellow soldiers and earned them a fearsome reputation.

The Battle of Be

“We’re open for everyone,” announces a brightly colored sign welcoming visitors to the British Library.  But inside the airy building beside London’s St Pancras Station, not everyone can get what they want.  Not since the library was struck by cyber criminals at the end of last month.  The ransomware attack, carried out by a group known for such activity, has knocked out the website of the UK’s national library.  It has also taken down the WiFi, upon which the crowds who come here to work rely.

A well-known ransomware group has recently filed a complaint with the US Securities and Exchange Commission (SEC) over the failure of a victim to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself.

The ransomware group known as Alphv and BlackCat claims to have breached the systems of MeridianLink, https://www.meridianlink.com  a California-based company that provides digital lending solutions for financial institutions and consumer data verificatio

It is even more diabolical that cyber threat actors target job hunters, especially those who are out of work and running behind in their bills.  Recently, a sub-set within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns.  Lazarus Group, also known by other names such as Guardians of Peace or Whois Team, is a legal hacker group made up of an unknown number of individuals run by the government of N

The recent increase of artificial intelligence (AI) continues to be a game-changer in many positive ways, even though we are still on the edge of its vast potential.  New and previously unimaginable medical treatments, safer, cleaner and more integrated public transport, more rapid and accurate diagnoses, and environmental breakthroughs are all within the credible promise of AI today.

Both China and Russia have made no secret of their desire to “Win the AI race” with current and pledged investme

Recently, security researchers have uncovered close to 4,000 unique secrets inside nearly 3,000 PyPI packages https://pypi.org and say that more than 760 of these secrets were found to be valid.  Overall, the researchers identified 151 individual types of secrets, including AWS, Azure AD, GitHub, Dropbox, and Auth0 keys, credentials for MongoDB, MySQL, and PostgreSQL, and SSH, Coinbase, and Twilio Master credentials.

Valid credentials pose a critical and immediate threat to organizations, as

Property and casualty insurance company Travelers (NYSE: TRV) announced on 06 November 2023 that it has agreed to acquire Corvus Insurance Holdings:  www.corvusinsurnce.com  for approximately US$435 million.

Founded in 2017 and headquartered in Boston, MA, Corvus is a cyber insurance managing general underwriter that relies on artificial intelligence for data analysis and for loss prediction and prevention.  The company is known for its middle-market expertise, catering to wholesale broker

A cyber threat actor group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been attributed to a threat actor it tracks under Imperial Kitten, also known as Crimson Sandstorm (previously Curium), TA456, Tortoiseshell, and Yellow Liderc.  The latest findings also detailed instances of strategic web compromises (aka wate

A new malvertising campaign has been found to employ fake sites that masquerade as a legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z.  This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used to avoid detection.

While malvertising campaigns are known to set up replica sites advertising widely

A new variant of the GootLoader malware called GootBot has been found to facilitate lateral movement on compromised systems and evade detection.  GootLoader is a stealthy malware classified as a first-stage downloader designed to attack Windows-based systems.  It is considered an Initial-Access-as-a-Service (IAaaS) tool used within a ransomware-as-a-service (RaaS) criminal business model.  The GootLoader group's introduction of their custom bot into the late stages of their attack chain is an at

In addition to our personal and private information being stolen by foreign cyber threat actors, these same criminals can now quickly obtain sensitive information on US military members from data brokers, according to a new Duke University study whose results were recently published.

See:  https://techpolicy.sanford.duke.edu/wp-content/uploads/sites/4/2023/11/Sherman-et-al-2023-Data-Brokers-and-the-Sale-of-Data-on-US-Military-Personnel.pdf

Data brokers collect and aggregate information and then