All Articles (1895)


Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground

https://cybersixgill.com/resources/the-state-of-the-underground-2023   

The research stems from an analysis of the intelligence items Cybersixgill collected throughout 2022, gathered from the deep, dark and clear web.  The report examines the continuous evolution of threat actors' tactics, techniques, and procedures (TTPs) in the Digital Age and how organizations can adapt to redu

There are several ways in which an organization may discover that it has been the victim of a cyberattack or that an unauthorized third party has gained a foothold within its information technology (IT) environment.  Perhaps most commonly, an organization’s own endpoint detection, network monitoring, and other technical security controls identify and quarantine malicious activity and allow for an investigation into the nature and scope of the event.  On rare occasions, an organization

On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within its datasets and the OSINT community.  The report below aims to give readers brief insights into variants in the evolving ransomware landscape.

Big Head Ransomware Overview – Researchers recently came across a new ransomware variant called Big Head, which emerged in May 2023.  Although there are at least three variants of Big Head ransomware, all are designed to encry

To make a Machine Learning (ML) model learn the wrong thing, adversaries can target the model’s training data, the foundation models it is built on, or both.  Adversaries exploit this class of vulnerabilities to influence models through data and parameter manipulation, which practitioners term poisoning.  Poisoning attacks cause a model to incorrectly learn something that the adversary can exploit at a future time.  For example, an attacker might use data poisoning techniques to corrupt a supply chain fo
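As an added illustration of the poisoning described above (example code written for this page, not from the article or any research it cites): a nearest-centroid classifier is trained on constructed two-dimensional feature vectors, an attacker injects a handful of mislabeled points near a target sample, and the target's verdict flips from "malicious" to "benign". The same block shows a defender-side check that compares each training label against a median-based (robust) centroid, which exposes the injected points even though they sit close to one another. All training points, labels and the target are constructed for the example.

```python
"""Added example: data poisoning against a nearest-centroid classifier.

Not code from the original article. All feature vectors, labels and the
attacker's target below are constructed for illustration.
"""
from collections import defaultdict
from math import dist
from statistics import mean, median

# Constructed clean training set: (feature vector, label).
CLEAN_TRAINING = [
    ((0.0, 0.0), "benign"), ((0.5, 0.2), "benign"), ((0.1, 0.6), "benign"),
    ((0.3, 0.3), "benign"), ((0.6, 0.5), "benign"), ((0.2, 0.1), "benign"),
    ((4.0, 4.0), "malicious"), ((4.4, 3.8), "malicious"), ((3.7, 4.2), "malicious"),
    ((4.1, 4.5), "malicious"), ((3.9, 3.6), "malicious"), ((4.3, 4.1), "malicious"),
]

# The sample the attacker wants the deployed model to call "benign".
TARGET = (2.5, 2.5)


def fit_centroids(training, aggregate=mean):
    """Per-label centroid; `aggregate` is applied to each coordinate."""
    by_label = defaultdict(list)
    for point, label in training:
        by_label[label].append(point)
    return {label: tuple(aggregate(coord) for coord in zip(*points))
            for label, points in by_label.items()}


def predict(centroids, point):
    """Nearest-centroid classification."""
    return min(centroids, key=lambda label: dist(point, centroids[label]))


def poison(training, target, n_points, false_label):
    """Attacker: inject n_points clustered around `target`, all carrying
    `false_label`, so the mean centroid of that label is dragged toward it."""
    offsets = [(0.0, 0.0), (0.2, -0.1), (-0.1, 0.2), (0.3, 0.3), (-0.2, -0.2)]
    injected = [((target[0] + dx, target[1] + dy), false_label)
                for dx, dy in offsets[:n_points]]
    return training + injected


def flag_suspicious(training):
    """Defender: recompute centroids with the median (robust to a minority of
    outliers) and flag every sample whose own label is not the nearest robust
    centroid. Heuristic only: it fails once the attacker controls about half
    of a class, and it can flag genuinely ambiguous clean samples."""
    robust = fit_centroids(training, aggregate=median)
    return [(point, label) for point, label in training
            if predict(robust, point) != label]


def demo():
    """Verdicts before/after poisoning, and what the robust check flags."""
    clean_verdict = predict(fit_centroids(CLEAN_TRAINING), TARGET)
    poisoned = poison(CLEAN_TRAINING, TARGET, n_points=4, false_label="benign")
    poisoned_verdict = predict(fit_centroids(poisoned), TARGET)
    return {
        "clean_verdict": clean_verdict,        # "malicious"
        "poisoned_verdict": poisoned_verdict,  # "benign"
        "flagged": flag_suspicious(poisoned),  # the four injected points
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Four injected points out of ten "benign" samples are enough to move the mean centroid; the median barely moves, which is why the check catches them. The same check would be blind if the attacker could supply half of a class's labels, so it complements, rather than replaces, provenance controls on training data.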

Schools face evolving cyber threats in an increasingly digital educational landscape.  Insider errors, ransomware attacks, and vendor vulnerabilities require a strong focus on cyber hygiene and awareness to safeguard sensitive data, says the CEO of ManagedMethods.  Although we talk about the seriousness of the cybersecurity threat in education a lot, it is worth repeating this alarming Microsoft statistic: 6,110,425 (80.1% of the global total) enterprise malware encounter in th

Each month, Red Sky Alliance queries its backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with MV or MT in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated
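A small detection check in the spirit of the subject-line query described above, added here as an example (not Red Sky Alliance's backend code): it pulls the impersonated vessel name out of MV/MT-style subject lines and notes whether the message carries an attachment type commonly used for a first stage. The subject pattern, the risky-extension list and the sample messages are all assumptions constructed for this example.

```python
"""Added example: flag maritime-themed email lures by subject line.

Not code from the original article or Red Sky Alliance's backend. The
subject-line pattern and the "risky attachment" list are assumptions made
for this example; all sample emails are constructed.
"""
import re

# Assumed lure shape: an MV/MT (or M/V, M/T) prefix followed by an upper-case
# vessel name. Requiring 2+ upper-case characters per token keeps the match
# from running into normal sentence text after the name.
VESSEL_RE = re.compile(
    r"\b(?P<prefix>M/?[VT])\.?\s+(?P<name>[A-Z0-9]{2,}(?:[ \-][A-Z0-9]{2,})*)"
)

# Assumed list of attachment extensions that commonly carry the first stage.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".js", ".vbs", ".jse", ".lnk", ".iso", ".img",
    ".zip", ".rar", ".7z", ".gz", ".ace", ".html", ".htm", ".xlsm", ".docm",
}

# Constructed sample messages (subject line plus attachment file names).
SAMPLE_EMAILS = [
    {"subject": "MV OCEAN PRIDE - Updated Port Documents", "attachments": ["Port_Docs.zip"]},
    {"subject": "MT ATLANTIC STAR // Shipping Docs", "attachments": ["Shipping_Docs.pdf.exe"]},
    {"subject": "Re: MVP meeting notes", "attachments": []},
    {"subject": "Weekly HTML newsletter", "attachments": ["newsletter.pdf"]},
    {"subject": "M/V NORTH HAVEN crew list", "attachments": ["crew_list.xlsx"]},
]


def vessel_in_subject(subject):
    """Return the impersonated vessel name, or None if the subject has none."""
    match = VESSEL_RE.search(subject)
    return match.group("name") if match else None


def is_risky_attachment(filename):
    """True if the final extension is in the assumed risky list.
    Double extensions such as 'Docs.pdf.exe' are judged by the last one."""
    lowered = filename.lower()
    return any(lowered.endswith(ext) for ext in RISKY_EXTENSIONS)


def find_vessel_lures(emails):
    """Run the check over a batch of messages; one finding per matching subject."""
    findings = []
    for email in emails:
        vessel = vessel_in_subject(email["subject"])
        if vessel is None:
            continue
        findings.append({
            "vessel": vessel,
            "subject": email["subject"],
            "risky_attachment": any(is_risky_attachment(a)
                                    for a in email["attachments"]),
        })
    return findings


if __name__ == "__main__":
    for finding in find_vessel_lures(SAMPLE_EMAILS):
        print(finding)
```

The word boundary and the whitespace after the prefix keep "MVP" and "HTML" from matching; the vessel name is what gets compared against a list of impersonated ships, and the attachment flag is what separates a benign shipping notice from a probable lure.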

A recent survey conducted by Bridewell, a cybersecurity services company headquartered in the UK, revealed a concerning surge in insider cyber threats within critical national infrastructure (CNI) organizations.  The transport and aviation sectors are particularly at risk.  As economic uncertainties loom, organizations are facing budget cuts in cybersecurity, further exacerbating the threat landscape.  This research is some of the first conducted by Bridewell that focuses on the US.[1]


Free speech and digital privacy appear to be key components left out of a United Nations (UN) Cybercrime Treaty being proposed, primarily by Russia.  To say the cybersecurity community is skeptical would be an understatement.  "The UN Cybercrime Treaty, to the extent it gets adopted, is expected to define global norms for lawful surveillance and legal processes available to investigate and prosecute cybercriminals," reports The Register in a special report.  "And what has emerged so far contempl

Not to be confused with the model/actress Yara Shahidi, today Labs Con will discuss using YARA in cyber diagnostics.  This must-see talk discusses a highly regarded but rarely publicly investigated threat actor, malware similarity, and YARA.  Publicly available data yields just a generic AV signature bearing the actor’s name, leaving a void for malware analysts looking to understand the overlaps between different malware families attributed to the same actor.

Greg Lesnewich explores how analysts ca

The number of organizations impacted by the ongoing exploitation of the MOVEit file-transfer software continues to mount as entities from airlines to universities to the Department of Energy confirm their information was among a series of recent data breaches largely blamed on a Russian-speaking criminal group.

Transportation agencies in Oregon and Louisiana have warned millions of residents their identities are at risk after a cyberattack Thursday stole names, addresses and social security numbers.[1]  Louisiana of

Clearing your cookie file on a regular basis is a sound cyber security practice.  Recent attacker techniques use stolen session cookies to bypass authentication, leading to major theft or damage.  When visiting a website for the first time, you will invariably encounter a prompt to "accept cookies."  While allowing cookies lets you enjoy a custom experience, allowing you to bypass logging in and holding items in your shopping cart, not all cookies are intended to enhance your browsing experie
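Because a session cookie stands in for the login, the attributes a server sets on it decide how far a stolen copy gets. The following audit, added here as an example (not code from the article or any product), parses a Set-Cookie header and reports the attributes that limit theft and replay: HttpOnly against script access, Secure against plaintext transport, SameSite against cross-site sending, the __Host- prefix against subdomain overwrites, and a lifetime check against cookies that outlive the session. The sample headers, the 12-hour threshold and the fixed timestamp are assumptions constructed for the example.

```python
"""Added example: audit a Set-Cookie header for attributes that limit the
damage of a stolen session cookie.

Not code from the original article. The lifetime threshold, the sample
headers and the timestamp are assumptions constructed for this example.
"""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(header, now, max_session_lifetime=timedelta(hours=12)):
    """Return a list of findings; an empty list means the cookie looks sound.

    `now` is passed in so the Expires check is deterministic."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []

    if "httponly" not in attrs:
        findings.append("missing HttpOnly: page scripts can read the cookie, "
                        "so an XSS bug can exfiltrate it")
    if "secure" not in attrs:
        findings.append("missing Secure: the cookie may be sent over plaintext HTTP")

    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append("missing SameSite: browsers will attach it to cross-site requests")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure; modern browsers reject this cookie")

    # __Host- prefix: the browser enforces Secure, Path=/ and no Domain, which
    # stops a subdomain from overwriting the session cookie.
    if name.startswith("__Host-"):
        if "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs:
            findings.append("__Host- prefix used but its requirements are not met; "
                            "the browser will drop the cookie")

    # Persistence: a long-lived cookie keeps a stolen copy valid just as long.
    lifetime = None
    if "max-age" in attrs:
        lifetime = timedelta(seconds=int(attrs["max-age"]))
    elif "expires" in attrs:
        lifetime = parsedate_to_datetime(attrs["expires"]) - now
    if lifetime is not None and lifetime > max_session_lifetime:
        findings.append(f"persistent cookie valid for {lifetime.days} days; "
                        "a stolen copy stays usable that long")
    return findings


# Constructed headers and a fixed "current time" for the demo.
NOW = datetime(2023, 7, 1, tzinfo=timezone.utc)
HARDENED = "__Host-session=0123abcd; Path=/; Secure; HttpOnly; SameSite=Lax"
WEAK = "session=0123abcd; Path=/; Expires=Fri, 30 Jun 2028 00:00:00 GMT"

if __name__ == "__main__":
    for label, header in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_set_cookie(header, NOW) or ["no findings"])
```

None of these attributes stops a cookie from being copied off a compromised endpoint by malware that reads the browser's cookie store; for that case the server-side answer is a short lifetime plus invalidating the session on logout or on a change of client, which is exactly what the persistence finding is pointing at.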

Note: this Recorded Future Ransomware Tracker is updated on the second Sunday of each month to stay current.  The number of victims posted on ransomware extortion sites increased in May, with ransomware gangs publicly claiming more than 400 attacks in a month for the second time this year.

The uptick was fueled in large part by the Russia-linked LockBit ransomware group, which posted 74 victims to its extortion site in May.  The group has become far and away the most active ransomware gang, wit

Detection of malware is typically done using virus definitions or signatures held in a database.  Security products, such as antivirus engines, scan files against that database to decide whether each file is good or bad.  Files that match an entry are flagged as malicious; files that match nothing are treated as clean.  It works much like an advanced blacklist.

Malware authors understand how security products work and build malware that these products cannot detect.  In the undergr
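To make the blacklist behaviour and its limits concrete, here is an added example (not code from the article or any product) of the two most common signature styles, a whole-file hash and a byte pattern, run against a constructed stand-in for a malicious file. Two attacker tricks follow: flipping a single padding byte, which defeats the hash but not the pattern, and a toy XOR "packer", which defeats both on disk. A last function shows the defender's usual reply, trying to unpack before matching. The sample bytes, the signature entries and the packer key are all constructed; nothing here is a real signature.

```python
"""Added example: signature matching and why trivial changes evade it.

Not code from the original article or any product. The "sample" bytes, the
hash and byte-pattern databases, and the XOR packer are all constructed for
this example; nothing here is a real malware signature.
"""
import hashlib

# Constructed stand-in for a malicious file: a fake header, padding and a
# distinctive string a scanner might key on.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 12
          + b"connect FAKE_C2_BEACON_v1 http://example.invalid/"
          + b"\x00" * 8)

# Two common signature styles: whole-file hash and byte pattern.
HASH_DB = {hashlib.sha256(SAMPLE).hexdigest(): "Trojan.Constructed.Sample"}
PATTERN_DB = {b"FAKE_C2_BEACON_v1": "Trojan.Constructed.Beacon"}


def scan(data):
    """Plain database lookup: a file is 'bad' only if it matches an entry."""
    verdicts = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_DB:
        verdicts.append(("hash", HASH_DB[digest]))
    for pattern, name in PATTERN_DB.items():
        if pattern in data:
            verdicts.append(("pattern", name))
    return verdicts


def flip_one_byte(data, index=-1):
    """Attacker trick 1: change a single byte in padding. The hash changes,
    the behaviour does not."""
    buf = bytearray(data)
    buf[index] ^= 0xFF
    return bytes(buf)


def xor_pack(data, key=0x5A):
    """Attacker trick 2: a toy 'packer'. A real file would carry a stub that
    reverses this at run time; on disk the pattern is gone."""
    return bytes(b ^ key for b in data)


def scan_with_unpacking(data):
    """Defender response: try every single-byte XOR key before pattern
    matching, a crude stand-in for the static unpacking and emulation real
    engines do. Returns (key, verdicts) for the first key that matches,
    or None if nothing matches under any key."""
    for key in range(256):
        candidate = xor_pack(data, key)  # XOR is its own inverse
        hits = [("pattern", name) for pat, name in PATTERN_DB.items()
                if pat in candidate]
        if hits:
            return key, hits
    return None


if __name__ == "__main__":
    print("original    :", scan(SAMPLE))
    print("byte flipped:", scan(flip_one_byte(SAMPLE)))
    packed = xor_pack(SAMPLE)
    print("xor packed  :", scan(packed))
    print("with unpack :", scan_with_unpacking(packed))
```

The escalation is the point: each time the scanner learns to undo a transformation, the next sample uses one it does not yet undo, which is why signature databases are paired with behavioural and emulation-based detection rather than relied on alone.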

"There's a sucker born every minute" is a phrase closely associated with PT Barnum, an American showman of the mid-19th century, although there is no evidence that he said it.  Early examples of its use are among gamblers and confidence tricksters of the era.  A previously undetected cryptocurrency scam has leveraged over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.

This massive campaign has likely resulted in thousands of people being scamm

Not every supply chain slowdown or stoppage is caused by criminal hackers.  The recent supply chain woes in Seattle and other maritime ports along the west coast of the US were actually a worker slowdown.  The Port of Seattle shut its cargo operations on 10 June, adding to sporadic disruptions that have plagued West Coast ports for over a week.

The Pacific Maritime Association (PMA), which represents ocean carriers and terminal operators, blamed “coordinated and disruptive w

Researchers at FortiGuard Labs are aware of a critical zero-day SQL injection vulnerability in the MOVEit Secure Managed File Transfer software (CVE-2023-34362) allegedly exploited by the Cl0p ransomware threat actor.  High-profile government, finance, media, aviation, and healthcare organizations have reportedly been affected, with data exfiltrated.

Due to its severity, US CISA released an advisory for the vulnerability on 1 June 2023. They also updated the Known Exploited Vulnerabil

Ever since generative AI exploded into public consciousness with the launch of ChatGPT at the end of 2022, calls to regulate the technology to stop it from causing undue harm have risen to a fever pitch worldwide.  The stakes are high; technology leaders signed an open public letter saying that if government officials get it wrong, the consequence could be the extinction of the human race.

See:  https://redskyalliance.org/xindustry/the-future-is-here

While most consumers are just having fun test


A line commonly attributed to Mark Twain goes, “It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.” The quote provides two key lessons: first, why double negatives in a sentence are a terrible idea, and second, how assumptions can lead one into trouble. Assumptions affect all levels of decision-making; however, when national leaders make assumptions, trouble can rapidly escalate to chaos and turmoil.

Russian President Vladimir Putin and his military suffered fro

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Israel National Cyber Directorate (INCD) published a “Guide to Securing Remote Access Software,” which provides an overview of common exploitations and associated tactics, techniques, and procedures (TTPs) used by cyber threat actors to exploit the legitimate, beneficial use of this software for easy b

Many people have wondered what the YKK labeled zipper on their jeans and jackets really meant.  Well, hackers sure knew what YKK stood for: lots of ransom money. Japanese zipper giant YKK confirmed that its US operations were targeted by hackers in recent weeks but said it was able to contain the threat before damage was caused.

The Tokyo-based corporation would not say if it was hit with ransomware, but a spokesperson reported that once YKK discovered that its US-based networks were targeted, t