All Articles (2241)


The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.  An unknown threat actor targeted government entities in Ukraine toward the end of 2023 using an old Microsoft Office remote code execution (RCE) exploit from 2017 (CVE-2017-8570) as the initial vector and military vehicles as the lure.

The threat actor initiated the attack using a malicious PowerPoint file (.PPSX)

A hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a US public utility becoming a target of foreign cyberattacks.  The attack was one of three on small towns in the rural Texas Panhandle. Local officials said the public was not put in any danger and the attempts were reported to federal authorities.  “There were 37,000 attempts in four days to log into our firewall,” said Mike Cypert, City Manager

Tesla's humanoid robot, Optimus, is still in the lab, but it may be ready to sell by the end of next year, Chief Executive Elon Musk said on 22 April 2024. Musk told investors on a conference call that he guessed the robot would be able to perform tasks in the factory by the end of this year. Musk has said that robot sales could become a larger part of the Tesla business than other segments, including car manufacturing.

Several companies have been betting on humanoid robots to meet potential lab

Oh no, not another list?  Yes, in today's digital world, where connectivity is everything, endpoints are the gateway to a business's digital networks. And because of this, endpoints are one of the hackers' favorite targets.  According to the International Data Corporation (IDC), https://www.idc.com, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks.  With IT teams needing to protect more endpoints and more k

Microsoft has reported that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence (AI) to make their operations more effective and efficient.  "They are learning to use tools powered by AI large language models (LLM) to make their operations more efficient and effective," a MS researcher said in its latest report on East Asia hacking groups.  The company specifically highlighted a group named Emerald Sleet (aka Kimsuky or TA427), which has been observed using


Cybersecurity breaches can be devastating for both individuals and businesses. While many people tend to focus on understanding how and why they were targeted by such breaches, there is a question: What is the true financial impact of a cyberattack? According to research by Cybersecurity Ventures, the global cost of cybercrime is projected to reach an astonishing 10.5 trillion USD annually by 2025, which marks a dramatic increase from the 3 trillion USD reported in 2015. This sharp rise highligh


The Federal Trade Commission (FTC) is aiming to roll out its long-awaited proposed rules governing commercial surveillance in the next few months, with a focus on ensuring that companies properly handle the data they harvest from the apps, websites and devices that consumers use.  According to two sources familiar with the agency’s plans, the rules will emphasize data security and data minimization, or the idea that companies should only collect the data they need to conduct business with consum

The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data.  Cybersecurity investigators characterized the adversary as relying on various programs to harvest data on an "industrial scale" from primarily governmental organizations, some of them defense related, located in the Asia-Pacific region.  To collect large volumes of data from many hosts, attackers need to automate the data harvesting process as m

The foundry space is arguably the most complex and competitive it has been in decades as foundry upstarts in the US and Japan look to challenge heavyweights Samsung and TSMC for a piece of the action.  But while Intel CEO Pat Gelsinger aims to leapfrog Samsung as the number two foundry operator, Henri Richard, the newly appointed president and general manager of Japan's Rapidus Design Solutions, doesn't believe it's necessary to challenge TSMC directly to be successful given the current climate.

Last year, a command injection vulnerability, CVE-2023-1389, was disclosed, and a fix was developed for the web management interface of the TP-Link Archer AX21 (AX1800).  FortiGuard Labs has developed an IPS signature to tackle this issue. Recently, they observed multiple attacks focusing on this year-old vulnerability, spotlighting botnets like Moobot, Miori, the Golang-based agent “AGoent,” and the Gafgyt Variant.  Peaks caused by these threats are evident in the following figure.  The below r

Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia.  In April 2023, following an initial focus on Windows systems, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines. As of 1 January 2024, the ransomware group has impacted over 250 organizations and claimed approximately $42 million USD in ransomware proceeds.

Early versions of the Akira ransomware variant were wr

There are many factors affecting downtime that manufacturers must consider to minimize disruption to the production line.  While unplanned maintenance is one of the main elements posing a risk to streamlined operations, another growing issue is cyber-attacks and ransomware.

Cyber security has long been a threat to industrial organizations, but the risk, and indeed incident rate, is growing.  According to a report by cybersecurity technology specialists Dragos, ransomware attacks alone against ind

Chinese-linked hackers have snooped around critical US infrastructure and have put themselves in a position to attack at “the right moment,” FBI director Christopher Wray ominously warned.  Speaking at the 2024 Vanderbilt Summit on Modern Conflict and Emerging Threats, Wray underscored that the bureau and other federal authorities have been scrambling behind the scenes to counter the threat, which he said is “upon us now.”  “The PRC [People’s Republic of China] has made it clear that it consider

As automotive engineering progresses and moves away from traditional mechanisms, the integration of Artificial Intelligence (AI) and Machine Learning (ML) is not just a futuristic possibility; it is increasingly becoming a reality.  These technologies are not only reshaping how vehicles operate but are also enhancing safety, efficiency, and performance.

Dr. Vish Vadari, Senior Technical Specialist Noise, Vibration and Harshness (Global) at ZF Group, explains the potential of AI and ML in optimizi

Who wants to mess with the food supply?  Foreign adversaries and crooks, that’s who.  The US food and agriculture sector dealt with at least 167 ransomware attacks last year, according to a leading industry group.  In its first annual report, the Food and Agriculture-Information Sharing and Analysis Center (Food and Ag-ISAC) said the industry was the seventh most targeted sector in the country, behind manufacturing, financial services and others.  Thus far in the first quarter of 2024, the secto

The UN Security Council’s (UNSC) most recent Arria-formula meeting on a cyber-related topic occurred on 4 April 2024.  Organized by the Republic of Korea (ROK) and co-hosted by Japan and the United States (US), the session focused on the “Evolving Cyber Threat Landscape and Its Implications for The Maintenance of International Peace And Security.”  The informal meeting included interventions from more than 30 delegations preceded by technical briefings from Deputy to the High Representative for

Palo Alto Networks has released fixes for a zero-day vulnerability affecting its GlobalProtect VPN product that is being targeted following its disclosure last week.  Hotfixes for the vulnerability, labeled CVE-2024-3400, were recently published, as promised in an urgent notice about the bug on 12 April.  The zero-day carries the highest severity score possible of 10.[1]

Security company Volexity, which Palo Alto credited with discovering the bug, said it “is highly likely” the attacker behind t

The Sysdig Threat Research Team (Sysdig TRT) recently discovered a long-running botnet operated by a Romanian threat actor group, which we call RUBYCARP.  Evidence suggests that this threat actor has been active for at least 10 years.  Its primary method of operation leverages a botnet deployed using a variety of public exploits and brute force attacks.  This group communicates via public and private IRC networks, develops cyber weapons and targeting data, and uses its botnet for financial gain

Red Sky Alliance queries our backend databases monthly, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Hundreds of musicians have joined with the Artist Rights Alliance (ARA) to condemn the excessive use of Artificial Intelligence (AI) in the music industry.  As well they should.  An open letter organized by campaign group the Artists' Rights Alliance says AI will "infringe upon our rights and devalue the rights of human artists" if used irresponsibly.  American singer Billie Eilish, Katy Perry, Elvis Costello, and UK star Engelbert Humperdinck are among 200 artists calling for the "predatory"