In an era where digital threats loom large, the world finds itself grappling with an unprecedented surge in cyber-attacks.  Yeah, no kidding.  The landscape of digital security has become a battlefield, with corporate networks experiencing a staggering 30% increase in weekly attacks in the second quarter of 2024 compared to the same period in 2023.  Yet, a recent study by Kiteworks, a provider of secure content communication solutions, has revealed a significant knowledge gap in the US regarding

North Korean threat actors are expected to launch imminent attacks aimed at stealing funds from "organizations with access to large quantities of cryptocurrency-related assets or products," the FBI is warning, adding that the attacks will use particularly deceptive social engineering tactics, including highly personalized targeting that will appear extremely convincing.  In the last several months, federal officials have observed various state-sponsored actors from the DPRK conducting research o

The US Department of Homeland Security has outlined plans to enhance cyber security through the Maritime Transport System (MTS).  The department’s aim is to protect the system and infrastructure used to ensure safe and free navigation of US waterways.  Ports are a vital part of the US economy, contributing $649 to GDP and generating 13 million jobs.  The request for information will be used to help develop research to test the vulnerabilities of the port infrastructure.  The study will help to d

The US Department of Justice (DOJ) announced on 04 September 2024 that it had seized 32 internet domains in a covert Russian government-sponsored foreign malign influence operation.  This operation, known as "Doppelganger," targeted audiences in the United States and other countries to influence the 2024 US Presidential Election and other political objectives.

The DOJ's action reveals the extent of Russia's ongoing efforts to interfere in foreign elections and spread disinformation.  The Russian

Sensitive information belonging to nearly one million Wisconsin residents was breached during the cybercriminal campaign last year that targeted the popular MOVEit file transfer service.  The Centers for Medicare & Medicaid Services (CMS), the federal agency that manages the Medicare program, and the Wisconsin Physicians Service Insurance Corporation (WPS) said last week that they have begun notifying people whose personal information leaked after hackers exploited a vulnerability in the MOVEit s

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

Apple appears to have misled the UK's Competition and Markets Authority (CMA) in a regulatory filing that attempts to downplay competition concerns, according to Open Web Advocacy (OWA).  OWA, a web technology lobbying group, flagged the alleged misstatement on 4 September in a document [PDF] filed by Apple last month in conjunction with the CMA's competition inquiry into the mobile browser and cloud gaming markets.

In footnote 142 on page 47, Apple says the CMA's analysis of the mobile browser marke

VirusTotal stores a vast collection of files, URLs, domains, and IPs submitted by users worldwide.  It features a variety of functionalities and integrates third-party detection engines and tools to analyze the maliciousness of submitted artifacts and gather relevant related information, such as file properties, domain registrars, and execution behaviors.  The VirusTotal dataset, the backbone of the platform, structures artifact-related information into objects and represents relevant relationsh

The first sample of RomCom ransomware was observed in early July 2023 on a publicly available file scanning site, about the same time as the first victim was posted on its data leak site on 13 July 2023.  Like most ransomware, this ransomware encrypts files on victims' Windows machines and demands a ransom to decrypt them via dropped ransom notes.

Infection Vector - Online reports indicate that the Russia-based RomCom group, or Storm-0978, is deploying the Underground ransomware.  This threat group i

So maybe China and Russia are not such good friends after all.  Cyber security researchers have uncovered an apparently new Advanced Persistent Threat (APT) group targeting Russian government entities, known as CloudSorcerer.  The group uses a sophisticated cyber espionage tool, discovered by investigators and reported in an advisory published in June, that is designed for covert data collection and exfiltration, using Microsoft Graph, Yandex Cloud, and Dropbox for its command and control (C2) inf

Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.  The affiliates leverage a double-extortion model by encrypting systems and exfiltrat

A new malware called "Voldemort" has been making waves in recent weeks, sending over 20,000 emails worldwide as it spreads through phishing attacks.  Discovered by IT security researchers at Proofpoint on 5 August, this malware has proven to be very deceptive.  "Voldemort" employs a sophisticated tactic to evade detection: it disguises its network traffic as legitimate by using Google Sheets as an interface.  This method allows the malware’s data transmissions to appear harmless, slipping past s

A controversial bill to regulate the Artificial Intelligence (AI) industry, SB-1047, has been passed by California’s State Assembly Appropriations Committee.  It will pass the California Senate by the end of this month before going to the Democrat Governor, Gavin Newsom, for signature to pass into law.  The most controversial part of the debate is the question of who is legally responsible and takes the blame if the AI causes harm.  Should the AI system be blamed or the person who used the A

The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections.  "The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and d

The German site of the company Hanwa Qcells, which offers solar systems and electricity, among other things, has suffered a cyberattack.  According to a customer letter obtained by heise online, the attack on the company's IT systems occurred on 14 July 2024.  Hanwa Qcells has not yet responded to an inquiry from heise online about the incident.  They replied, “We will provide a statement as soon as it is available.”

In the attack, unknown third parties allegedly were successful in gaining acces

The U.S. Securities and Exchange Commission (SEC) recently reached a settlement with Equiniti Trust Company, formerly known as American Stock Transfer & Trust, following two separate cyber intrusions that resulted in the loss of $6.6 million in client funds.  Equiniti has agreed to pay $850,000 to settle charges that it failed to implement sufficient cybersecurity measures to protect its clients' assets.

The cyber intrusions occurred in 2022 and 2023 when hackers exploited vulnerabilities in Equi

FortiGuard Labs recently caught a phishing campaign with a malicious Excel document attached to the phishing email.  Analysts performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger.  Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities.  It is a .NET-based software originally sold on a hacker forum.  Once executed on a victim’s computer, it can steal sensitive data, including saved

The US oilfield services firm Halliburton reported on 21 August 2024 that it was hit by a cyber-attack.  Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem.  A spokesperson said in an emailed statement that the company was also working with "leading external experts" to fix the issue.

The attack appeared to impact business operations at the company's north Houston campus and some global connectivity ne

Recent examination has connected a string of assaults against vital infrastructure in the US and India to the Chinese state-sponsored hacker collective Volt Typhoon.  These assaults, which exploited flaws in software created by a startup company in California, have sparked concerns about the vulnerability of vital systems including communications networks, water facilities, and the electrical grid.  The fact that US agencies are still on high alert despite denials from the Chinese government

Xeon Sender (aka XeonV5, SVG Sender) is a cloud attack tool that can be used to send Short Message Service (SMS) messages en masse to conduct spam and phishing (aka smishing) campaigns.  Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers.  There are no weaknesses on the service provider side that are leveraged for these attacks; rather, the tool uses legitimate APIs to enable bulk SMS spam attacks.

The