All Articles (2242)


Albabat, also known as White Bat, is a financially motivated ransomware variant written in Rust that identifies and encrypts files important to the user and demands a ransom to release them.  It first appeared in November 2023 as version 0.1.0. Version 0.3.0 was released in late December 2023, followed by version 0.3.3 in mid-January 2024.

Link to full report: IR-24-029-001_WhiteBat.pdf

Researchers from Microsoft reported on 25 January 2024 that the Russian state-sponsored threat actors responsible for a cyberattack on its systems in late November 2023 have been targeting other organizations, and that it is now beginning to notify them.  The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew tracked as APT29, which is also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzar

“Vote early and often.”  In his book Capone, author John Kobler attributes the phrase to the gangster Al Capone.  In the United States, Republicans accused their opponents of inviting such corruption with their support of the National Voter Registration Act of 1993, the "Motor Voter Law."

See:  https://redskyalliance.org/xindustry/election-day-concerns

Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), stated in an interview on 19 January 2024 that "the Ame

Despite improving preparedness, US small businesses are still highly vulnerable to cyber incidents.  A recent report by Hiscox USA indicates that while the small business segment paid less to respond to a cyber incident this past year, it was offset by increased attacks and breaches.

In its annual cyber readiness report, Hiscox revealed the median cost of cyber-attacks decreased for small businesses in the US from $10,000 in 2022 to $8,300 in 2023. At the same time, the median number of attacks

The sandwich chain Subway (www.subway.com) has launched an investigation after the infamous LockBit ransomware group claimed last weekend that it hacked into the company’s systems and stole vast amounts of information.  “The biggest sandwich chain is pretending that nothing happened,” the LockBit gang said in a message posted on its website. “We exfiltrated their SUBS internal system which includes hundreds of gigabytes of data and all financial aspects of the franchise, including empl

The US Securities and Exchange Commission on 22 January 2024 revealed that hackers used SIM swapping to take over its X (formerly Twitter) account.  The hack occurred on 09 January 2024, when a post sent from the agency’s @SECGov account on the social platform announced that a long-awaited bitcoin exchange-traded fund (ETF) was approved.  The post caused the price of bitcoin to spike more than $1,000.   Shortly after the post, the SEC Chairman announced on his personal account that the SEC’s acc

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims unwilling to agree to their demands.   As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their leak site, such as time extension, data deletion, or downloading all the data.  These options have a price tag depending

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications.  The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Google says keeping users safe is a top priority, and that the company has a team of thousands working around the clock to cr

The Fidelity National Financial (FNF) cyber-attack leaked the personal data of 1.3 million customers, the company has disclosed in a new filing with the Securities and Exchange Commission.  FNF is one of the largest title insurance and transaction services providers in the United States, with a market capitalization of $13.3 billion, an annual revenue of over $10 billion, and a workforce of about 23,000 people.[1]

The November 2023 cyber-attack disrupted the company’s operations for nearly a wee

A recent article raised the question of whether North Korea was the perpetrator of the cyber-attacks against Sony Pictures in December 2014.  Despite the difficulties typically associated with attribution, the US Federal Bureau of Investigation (FBI) quickly attributed the attacks to North Korea (within 25 days), even though an enigmatic group calling itself “Guardians of Peace” took responsibility.  Nevertheless, once the FBI officially blamed North Korea, no one in the government appeared to questi

Several US federal agencies published a guide of cybersecurity best practices for the water and sanitation sector following criticism from a US government watchdog about the government’s work with the industry.  This past week, the US Environmental Protection Agency (EPA) partnered with the FBI and Cybersecurity and Infrastructure Security Agency (CISA) to release a manual providing the water industry with more information on cyber incident response as well as the roles, resources and responsibi

Below is research and analysis of PixieFAIL by researchers at Quarkslab: nine vulnerabilities that affect EDK II, the de facto open source reference implementation of the UEFI specification, and possibly all implementations derived from it.  The vulnerabilities are in the network stack of EDK II and can be exploited during the network boot process.[1]

Network boot is a standard feature on enterprise computers and servers. Using network boot to load an OS image from the network

High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the UK, and the US have been targeted by an Iranian cyber espionage group called Mint Sandstorm since November 2023.  The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the Microsoft Threat Intelligence team reported in a recent analysis, describing it as a "technically and operationally ma

The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023.  The scheme leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers' infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions.  A crypto drainer is a malicious tool or script specially designed to transfer or redirect cryptocurrency from a vict

Each month, Red Sky Alliance queries our backend databases, identifying all new data containing Motor Vessel (MV) or Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
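The subject-line lure described above lends itself to a simple mail-gateway or SIEM check: pull the MV/MT prefix and the vessel name out of the subject, then raise the verdict when the same message also carries an attachment type that is commonly used to deliver a payload. The script below is an added example written for this page; it is not Red Sky Alliance's tooling, and the sample messages, vessel names and the list of risky attachment extensions are constructed for illustration rather than taken from the report.

```python
import os
import re
from collections import Counter

# Constructed sample messages (subject + attachment names) for illustration only;
# these are not observed emails and the vessel names are invented.
SAMPLE_MESSAGES = [
    {"subject": "RE: MV OCEAN STAR - Port Disbursement Account", "attachments": ["PDA_Ocean_Star.pdf.exe"]},
    {"subject": "MT SILVER BAY / Bunker Delivery Note attached", "attachments": ["BDN_0117.iso"]},
    {"subject": "Invoice 4471 for January", "attachments": ["inv4471.pdf"]},
    {"subject": "Fwd: M/V NORTHERN LIGHT crew change documents", "attachments": ["crewlist.docm"]},
    {"subject": "mv Pacific Dawn: updated cargo manifest", "attachments": []},
    {"subject": "MV OCEAN STAR: agency appointment", "attachments": ["appointment.zip"]},
]

# Attachment types that commonly carry a first-stage payload (assumed list, tune to your environment).
RISKY_EXTENSIONS = {".exe", ".scr", ".iso", ".img", ".zip", ".rar", ".7z",
                    ".js", ".vbs", ".lnk", ".docm", ".xlsm", ".html"}

# Prefix is matched case-insensitively and tolerates "M/V", "M.T." and similar spellings;
# the vessel name is up to four capitalised words, so the match stops at lowercase text
# such as "crew change documents" or at punctuation such as ":" or " - ".
VESSEL_RE = re.compile(
    r"\b(?P<prefix>(?i:M\.?/?[VT]\.?))\s+"
    r"(?P<name>[A-Z][A-Za-z0-9'\-]*(?:\s+[A-Z][A-Za-z0-9'\-]*){0,3})"
)


def extract_vessel(subject):
    """Return (vessel type, normalised vessel name) for an MV/MT lure subject, else None."""
    m = VESSEL_RE.search(subject)
    if not m:
        return None
    vessel_type = re.sub(r"[./]", "", m.group("prefix")).upper()   # "M/V" -> "MV"
    name = " ".join(m.group("name").split()).upper()
    return vessel_type, name


def classify(message):
    """Combine the subject-line lure with attachment type into a coarse verdict."""
    lure = extract_vessel(message["subject"])
    risky = [a for a in message.get("attachments", [])
             if os.path.splitext(a.lower())[1] in RISKY_EXTENSIONS]
    if lure and risky:
        verdict = "suspicious"   # vessel lure plus a payload-capable attachment
    elif lure:
        verdict = "review"       # lure pattern only; could be legitimate shipping traffic
    else:
        verdict = "clean"
    return {"subject": message["subject"], "vessel": lure,
            "risky_attachments": risky, "verdict": verdict}


def impersonated_vessels(messages):
    """Count how often each (type, name) pair is impersonated across a batch of messages."""
    counts = Counter()
    for msg in messages:
        lure = extract_vessel(msg["subject"])
        if lure:
            counts[lure] += 1
    return counts


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        result = classify(msg)
        print(f"{result['verdict']:<10} {result['vessel']}  {result['subject']}")
    print()
    for (vessel_type, name), n in impersonated_vessels(SAMPLE_MESSAGES).most_common():
        print(f"{vessel_type} {name}: impersonated in {n} message(s)")
```

The "review" verdict is deliberate: an MV/MT subject on its own is normal traffic for a shipping agent, so the lure pattern should drive triage or enrichment rather than a block on its own, while the combination with an executable, disk image, archive or macro-enabled attachment is what justifies an alert.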

The proper eyewear can be a game-changer for IT professionals who spend their working life in front of screens.  In a recent interview Anthony Czajkowski, a licensed optician and an eyewear industry veteran for more than 30 years with his optometry practice at the Omega Eye Center in Coral Springs, Florida, offers his opinions.

Progressive lenses, the basis for technology lenses, have a long history. In 1959, multifocal technology was revolutionized when French engineer Bernard Martinez invented

If you used the investing app Robinhood, you could qualify for part of a $20 million class action settlement resolving allegations that the investment app's negligence led to personal information being leaked.  Robinhood's cybersecurity system "lacks simple and almost universal security measures used by other broker-dealer online systems, such as verifying changes in bank account links," according to a February 2021 complaint.

If your Robinhood account was accessed by unauthorized users between

Traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks.  To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an additional layer of protection against unauthorized access.  Cybercriminals are constantly investigating ways to bypass MFA systems. O

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. Atomic Stealer appears to have been updated in mid to late December 2023, when its developers introduced payload encryption to bypass detection rules.

Atomic Stealer first emerged in April 2023 for a monthly subscription of $1,000. It's capable of harvesting sensitive information from a

The least surprising headline from 2023 is that ransomware again set new records for the number of incidents and the damage inflicted.  There were new headlines every week, which included big-name organizations: MGM, Johnson Controls, Clorox, Hanesbrands, Caesars Palace, and so many others.

Phishing-driven ransomware is the cyber threat that looms larger and more dangerous than all others.  CISA and Cisco report that 90% of data breaches are the result of phishing attacks and monetary losses t