X-Industry

With new rules on Cyber Security coming down from the US Coast Guard, Angeliki Zisimatou, Director Cybersecurity, ABS, is uniquely positioned to discuss maritime cyber security in the round, with insights on what she’s seen and heard from the draft rules, with advice on what it could mean for vessel owners.  Cyber security and all that it entails is quickly climbing the priority ladder in maritime, as increasing dependance on connectivity is a double edge sword of promise and peril.  While the l

Earlier this week, a US federal judge ordered Google to tear down the digital walls shielding its Android app store from competition as punishment for maintaining an illegal monopoly that helped expand the company's internet empire.  The injunction was issued by US District Judge James Donato and will require Google to make several changes that the California company had been resisting.  Those include a provision that will require its Play Store for Android apps to distribute rival third-party a

The 2024 Nobel Prize in physics has been awarded to John Hopfield and Geoffrey Hinton for their fundamental discoveries in machine learning, which paved the way for how artificial intelligence is used today.

Hopfield, a professor at Princeton University and Hinton, a computer scientist at the University of Toronto, were praised for laying the foundations for the machine learning that powers many of today’s AI-based products and applications.  Hinton, however, has also expressed fears about AI’s

Automating the on-demand collection of memory dumps, process information, system files, and event logs for inclusion in threat-hunting activities allows for a more comprehensive and proactive approach to adaptive threat-hunting. In the WatchTower Threat Hunting blog series, Sentinel Labs calls out some adaptive threat-hunting methodologies, including Chained Detections, a Multi-Directional Approach, and AI-powered hunts. This shows the benefits of applying a multi-directional approach to adaptiv

Cyber risks continue to expand across industries, and as ships and boats at sea increasingly become connected to the shore in the name of crew welfare and operational efficiency, so too grow the risks that a ship could be hacked, the safety of its crew and cargo compromised.  “Cyber risk is real, it's really growing substantially, especially with increased concerns around geopolitical tensions, which is having a direct impact on maritime operations,” said Cedric Warde, Vice President, at Digital

If you’re an Old Trekkie like me, this will be interesting.  MIT has created a chip-based optical tractor beam that can focus a penetrating beam of light over 5 millimeters away from the surface of the chip itself.  That might not sound like much, but it's a game-changer compared to previous integrated "optical tweezers" that could only work within a few microns of the chip.  Those older approaches had to remove cells from their sterile glass containers (commonly used for biological experiments)

China-linked APT group Salt Typhoon (FamousSparrow and GhostEmperor) breached US broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data.

See:  https://redskyalliance.org/xindustry/hotels-under-attack

According to the Wall Street Journal, which reported the news exclusively, the security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on na

In a feat that seemed unachievable just a few short years ago, an international research consortium has recently unveiled the first complete wiring diagram of an entire fruit fly brain.  The map itself is accompanied by a cache of papers, demonstrating how this breakthrough is already leading to new scientific findings and there’s much more to come.

Why do we need brain maps anyway?  Maps that show every neuron in a brain and all the myriad connections between them are called connectomes. The fi

Your smartphone can be hit by various security threats, from phishing to malware to spyware. All it takes is one successful attack to take over your phone, compromise your data, and even steal your identity.  How do you protect yourself?  In a Mobile Device Best Practices report,[1] the National Security Agency (NSA) suggests tips designed to thwart hackers and attackers from assaulting your mobile device. One method is as simple as turning your phone off and on.

Spearphishing attacks can target

An extortionist armed with a new variant of MedusaLocker ransomware has infected more than 100 organizations a month since at least 2022, according to Cisco Talos, which recently discovered a "substantial" Windows credential data dump that sheds light on the criminal and their victims.  The miscreant, whom Talos calls "PaidMemes," uses a recent MedusaLocker variant called "BabyLockerKZ," and inserts the words "paid_memes" into the malware plus other tools used during the attacks.

Recent research

I recently saw the title of a Recorded Future podcast regarding AI and police reporting.  I have 28 years of law enforcement experience, 8 years as a uniformed police officer and this title really intrigued me.  So I watched the segment: AI is Writing Police Reports, Should We be Worried?[1]  

The story starts with police body cams, which began somewhat experimentally in 2011 and now has gain acceptance throughout US policing.  The main purpose of demanding police wear body cams was to change po

The CEO at Redwood Research, Buck Shlegeris, a nonprofit company exploring AI's risks, recently learned an amusing but hard lesson in automation when he asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine.  "I expected the model would scan the network and find the desktop computer, then stop," Shlegeris explained.  "I was surprised that after it found the computer, it decided to continue taking actions, first examining the system and then deciding to do

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

The US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a significant piece of legislation passed in 2022, designed to tackle cyber incidents affecting critical infrastructure.  While its full impact is still unknown, CIRCIA presents new requirements for incident reporting that cyber risk professionals must understand and prepare for.

CIRCIA was created to help the US government coordinate responses to significant cyber incidents that affect essential services.  Its goal was

The US Cybersecurity and Infrastructure Security Agency (CISA), Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC) and other U.S. and international partners, co-sealed Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate 17 common techniques used by adversaries and malicious actor to compromise Active Directory. 

The objective of malicious activity involving Active Directory is to escalate privileges

Government-run water systems are still at risk of attack by cybercriminals and nation-states, according to a new advisory from the US’s top cybersecurity agency.  The notice from the US Cybersecurity and Infrastructure Security Agency (CISA) came two days after Arkansas City, Kansas, reported a cybersecurity issue that forced it to switch to manual operations.

Last week, US DHS CISA said it continues to “respond to active exploitation of internet-accessible operational technology (OT) and indust

A US Federal Trade Commission (FTC) staff report found that social media and video streaming companies have been engaging in widespread user surveillance, particularly of children and teens, with insufficient privacy protections and earning billions of dollars annually by monetizing their data.   The FTC's findings were released after a probe that began nearly four years ago in December 2020 and started with 6(b) orders sent to Amazon (owner of Twitch), Meta (Facebook), YouTube, Twitter (now X C

The world of online gambling has exploded in popularity, offering convenience and excitement to millions of players worldwide.  But, with this digital gold rush comes a host of cybersecurity risks and challenges that affect gambling companies, players, and the third-party vendors who support them.  There are risks, challenges, and opportunities for online gaming companies, the folks who partake in online gambling, and the third-party vendors who are there to help keep systems and data secure.[1]

Professional sporting events have been prime targets for violent attacks and terrorism, because of their large audiences.  In recent years, these events have become targets of cyberattacks as adversaries exploit venue operations to disrupt events, abuse payment systems for fraud, breach networks to steal data, and take advantage of how athletes interact with fans.

While game time is pivotal, sports franchise operators and event organizers must also allocate resources to address many other vulner

After TikTok inquiry, Republicans call for investigation into Temu data practices.  The US House Republicans want answers from the FBI and other US agencies about how the popular Chinese online marketplace Temu handles the data of American citizens.  In a letter to the US Securities and Exchange Commission (SEC) and FBI, members of the Select Committee on Intelligence asked a range of questions about whether investigations are underway examining Temu and its parent company Pinduoduo (PDD).

Commi