X-Industry

The US Department of Justice is reportedly seeking to force Google to sell Chrome, according to Bloomberg.  Prying the browser from the rest of the company is only one of the measures the DOJ will ask the courts to enforce, following a ruling that the company maintained an illegal search monopoly.   While ripping Chrome from Google might seem a relatively simple measure, there are a huge number of complicating factors that make it a trickier operation than it might first appear, factors that cou

CyberVolk is a politically motivated hacktivist collective that launched its own RaaS in June 2024. The group uses DDoS and ransomware attacks to undermine and disrupt the operations of those opposed to Russian interests.

The group has become an increasingly prominent player within the cybercrime ecosystem, adapting and repurposing existing commodity malware to advance its causes. Highly skilled actors within the collective expand and revise such tools, effectively making them more sophisticated

Most people watch online scams, but if you are not careful, you might do the scammers' work for them. A new study from GenDigital, the company behind cybersecurity brands like Norton, Avast, LifeLock, AVG, ReputationDefender, and CCleaner, shines some light on "scam yourself" attacks that are on the rise dramatically. Instead of using other nefarious methods, these scams rely on social engineering to get people to download malware themselves.
Gen says millions of people have fallen for these sca

A skilled and prolific hacker has been given a five-year sentence on 14 November 2024 for laundering the proceeds of one of the biggest ever crypto-currency thefts.  His crime involved the 2016 theft of a reported 120,000 bitcoins from cryptocurrency exchange Bitfinex, worth over $9bn at today's heightened exchange rate.   Ilya Lictenstein has been sentenced to five years in jail after he attempted to launder the money with the help of his wife Heather Morgan, who used the alias 'Razzlekhan' to

The country's National Cyber Security Centre (NCSC) has uncovered a new malware campaign targeting Swiss residents through fake postal letters. The scam involves fraudulent correspondence disguised as official communication from MeteoSwiss, the Federal Office of Meteorology and Climatology. It urges recipients to scan a QR code and download a malicious weather app for Android devices.

See: https://redskyalliance.org/xindustry/malicious-qr-codes

The fake “Severe Weather Warning App” app mimics t

Happy Thanksgiving – lets go shopping.  As we head into the rush of the holiday season, it can be easy to pay less attention to certain details like ADs promoting excessive discounts, unusual web addresses and text messages about undeliverable packages, which can all be signs of online shopping scams.  Between October and December 2023, $95.2 million in losses from online shopping scams were reported to the US Federal Trade Commission by consumers, according to the New York State Department of S

Efforts by the US DHS, Transportation Security Administration (TSA) to address cybersecurity issues faced significant criticism this week from government watchdogs, members of Congress and regulated companies.  A US Government Accountability Office (GAO) report last week said four of the six cybersecurity recommendations made to TSA since 2018 have still not been addressed, including one centered around the agency’s efforts to protect companies from ransomware.  “For example, in January 2024, GA

So, the other day, I was walking down our main street, and I noticed a girl wearing bell-bottom pants. Wow, that takes me back to the late 1960s and into the ’70s. Everyone was wearing bell-bottom pants back then. I even had a few pairs myself. In truth, that fad started with sailors wearing bell-bottom pants. The British Navy began the “fad” in 1813, and the US Navy followed close behind. Was this fad coming back? Well, what is old often becomes new again. BTW, Wrangler sells women’s bellbottom

As many are preparing for the holiday season, the US DHS, Transportation Security Administration (TSA) is projecting record-breaking travel for Thanksgiving in the next three (3) days.  TSA is prepared to screen more than 18 million people from Tuesday, 26 November, to Monday, 2 December, a 6% increase from last year.  Passenger volumes reached a record high in 2024, too, with a 17% increase from 2022.

TSA believes the three busiest days will be Tuesday and Wednesday before Thanksgiving and Sund

Law enforcement officials warn that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much more challenging to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source. The document notes that some iPhones in a forensics lab, including those in Airplane mode or a Faraday box, rebooted unexpectedly, losing their “After First Unlock” (AFU) state. iPhones in an “After

Back in the 1960’s there was a comedy show where a character played by Flip Wilson used to say, “The devil made me do it.”  This was all tongue in cheek and made people laugh, but this recent revelation, if true, is not so funny.  Google’s Gemini AI Chatbot faces backlash after multiple incidents of it telling users to die, raising concerns about AI safety, response accuracy, and ethical guardrails.  AI chatbots have become integral tools, assisting with daily tasks, content creation, and advice

The operator of the cryptocurrency mixing service Helix was sentenced to three years in prison last week.  Akron, Ohio native Larry Dean Harmon, 41, pleaded guilty in 2021 to conspiracy to commit money laundering.  A US Justice Department spokesperson did not respond to requests for comment about why the sentencing took place three years after the deal was agreed to.  It is unclear whether Harmon will be released this year.  In addition to his term in prison, Harmon was sentenced to three years

Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates. One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta’s social media platform, Facebook. The campaign tricks users into installing a harmful browser extension und

South Korea claims pro-Russia actors intensified cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. South Korea’s government blames pro-Russia threat actors for an intensification of cyberattacks on national sites after it chose to monitor North Korean soldiers in Ukraine. South Korea reports that over 10,000 North Korean troops are now deployed in Russia, including in the frontline Kursk region, to support the war in Ukraine. This development, confirmed b

“Multi-Factor Authentication stops 99% of all attacks.”  It’s a phrase used quite a bit.  However, while MFA has become the go-to cybersecurity solution deployed by businesses globally, we must recognize that not all MFA solutions are created equal.  Many are as easy to hack with social engineering and phishing as traditional passwords.  So, the claim that almost all attacks can be repelled by MFA is an oversimplification at best and insincere at worst.

This raises an important question: if so,

Have I Been Pwned (HIBP) warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers.  Hot Topic is an American retail chain specializing in counterculture-related clothing, accessories, and licensed music merchandise.  The company operates over 640 stores across the United States and Canada, primarily located in shopping malls, and has a vast customer base.  According to HIBP, the exposed details include full names, em

For those of you old enough to remember party lines when using your telephones, you could not just pick up the phone and start talking, as there were likely two others on the same ‘line,’ until those talking would hang up their phones. So, you didn’t want to begin sharing any personal information with these two strangers. A party line (multiparty line, shared service line, party wire) is a local loop telephone circuit shared by multiple telephone service subscribers. Fast forward to 2024. The US

New research shows that criminal cyber actors are seemingly targeting Australians with a penchant for Bengal cats, a breed of hybrid feline created from crossing an Asian leopard with domestic breeds. Using Gootloader, a popular malware strain often used as an infostealer or as malware dropped before ransomware attacks, Sophos found that the threat actors target users who search "Are Bengal cats legal in Australia?" and other similar questions.

In one example, the researchers found that one webs

Six unpatched vulnerabilities in a Mazda in-vehicle infotainment (IVI) system could be exploited with a simple USB in a moment’s time, and one of them has legitimate consequences to vehicle safety.  Cars are just computers on wheels, and IVIs are their user interface.  The IVI in most Mazda vehicles of recent years like the Mazda3 and CX-3, 5, and 9 are built with the Mazda Connect Connectivity Master Unit (CMU), developed by the Michigan-based Visteon Corporation.[1]  The CMU is a core hardware

Researchers recently discovered that suspected Iranian hackers impersonated recruiters on LinkedIn to target the aerospace industry in a new espionage campaign.  So-called “fake worker” schemes are typically associated with North Korean threat actors.  However, the Israel-based cybersecurity company ClearSky has attributed this latest campaign to the Iranian operation tracked as TA455, likely a subgroup of the Iranian government cyberwarfare group Charming Kitten.[1]

Researchers suggest that TA4