The US Department of Homeland Security has outlined plans to enhance cyber security through the Maritime Transport System (MTS). The department’s aim is to protect the system and infrastructure used to ensure safe and free navigation of US waterways. Ports are a vital part of the US economy, contributing $649 to GDP and generating 13 million jobs. The request for information will be used to help develop research to test the vulnerabilities of the port infrastructure. The study will help to d
All Articles (2633)
Sort by
The US Department of Justice (DOJ) announced on 04 September 2024 that it had seized 32 internet domains in a covert Russian government-sponsored foreign malign influence operation. This operation, known as "Doppelganger," targeted audiences in the United States and other countries to influence the 2024 US Presidential Election and other political objectives.
The DOJ's action reveals the extent of Russia's ongoing efforts to interfere in foreign elections and spread disinformation. The Russian
Sensitive information belonging to nearly one million Wisconsin residents was breached during the cybercriminal campaign last year that targeted the popular MOVEit file transfer service. The Centers for Medicare & Medicaid Services (CMS), the federal agency that manages the Medicare program and the Wisconsin Physicians Service Insurance Corporation (WPS) said last week that they have begun notifying people whose personal information leaked after hackers exploited a vulnerability in the MOVEit s
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
Apple appears to have misled the UK's Competition and Markets Authority (CMA) in a regulatory filing that attempts to downplay competition concerns, according to Open Web Advocacy (OWA). OWA, a web technology lobbying group, flagged the alleged misstatement on 4 September document [PDF] filed by Apple last month in conjunction with the CMA's competition inquiry into the mobile browser and cloud gaming markets.
In footnote 142 on page 47, Apple says the CMA's analysis of the mobile browser marke
VirusTotal stores a vast collection of files, URLs, domains, and IPs submitted by users worldwide. It features a variety of functionalities and integrates third-party detection engines and tools to analyze the maliciousness of submitted artifacts and gather relevant related information, such as file properties, domain registrars, and execution behaviors. The VirusTotal dataset, the backbone of the platform, structures artifact-related information into objects and represents relevant relationsh
The first sample of RomCom ransomware was observed in early July 2023 on a publicly available file scanning site, about the same time as the first victim posted on its data leak site on 13 July 2023. Like most ransomware, this ransomware encrypts files on victims' Windows machines and demands a ransom to decrypt them via dropped ransom notes.
Infection Vector - Online reports indicate that the Russia-based RomCom group, or Storm-0978, is deploying the Underground ransomware. This threat group i
So maybe China and Russia are not such good friends after all. Cyber security researchers have uncovered an apparently new Advanced Persistent Threat (APT) group targeting Russian government entities, known as CloudSorcerer. They use a sophisticated cyber espionage tool, discovered by investigators and reported in an advisory they published in June, and is designed for covert data collection and exfiltration, using Microsoft Graph, Yandex Cloud, and Dropbox for its command and control (C2) inf
Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors. The affiliates leverage a double-extortion model by encrypting systems and exfiltrat
A new malware called "Voldemort" has been making waves in recent weeks, sending over 20,000 emails worldwide as it spreads through phishing attacks. Discovered by IT security researchers at Proofpoint on 5 August, this malware has proven to be very deceptive. "Voldemort" employs a sophisticated tactic to evade detection: it disguises its network traffic as legitimate by using Google Sheets as an interface. This method allows the malware’s data transmissions to appear harmless, slipping past s
A controversial bill to regulate the Artificial Intelligence (AI) industry, SB-1047, has been passed by the California’s State Assembly Appropriations Committee. It will pass the California Senate by the end of this month before going to the Democrat Governor, Gavin Newsom, for signature to pass into law. The most controversial part of the debate is the question of who is legally responsible and takes the blame if the AI causes harm. Should the AI system be blamed or the person who used the A
The threat actors behind the BlackByte ransomware group have been observed likely exploiting a recently patched security flaw impacting VMware ESXi hypervisors, while also leveraging various vulnerable drivers to disarm security protections. "The BlackByte ransomware group continues to leverage tactics, techniques, and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and d
The German site of the company Hanwa Qcells, which offers solar systems and electricity, among other things, has suffered a cyberattack. According to a customer letter obtained by heise online, the attack on the company's IT systems occurred on 14 July 2024. Hanwa QCells has not yet responded to an inquiry from heise online about the incident. They replied, “We will provide a statement as soon as it is available.”
In the attack, unknown third parties allegedly were successful in gaining acces
The U.S. Securities and Exchange Commission (SEC) recently reached a settlement with Equiniti Trust Company, formerly known as American Stock Transfer & Trust, following two separate cyber intrusions that resulted in the loss of $6.6 million in client funds. Equiniti has agreed to pay $850,000 to settle charges that it failed to implement sufficient cybersecurity measures to protect its clients' assets.
The cyber intrusions occurred in 2022 and 2023 when hackers exploited vulnerabilities in Equi
FortiGuard Labs recently caught a phishing campaign with a malicious Excel document attached to the phishing email. Analysts performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It is a .NET-based software originally sold on a hacker forum. Once executed on a victim’s computer, it can steal sensitive data, including saved
The US oilfield services firm Halliburton reported on 21 August 2024 that it was hit by a cyber-attack. Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem. A spokesperson said in an emailed statement that the company was also working with "leading external experts" to fix the issue.
The attack appeared to impact business operations at the company's north Houston campus and some global connectivity ne
Recent examination has connected a string of assaults against vital infrastructure in the US and India to the Chinese state-sponsored hacker collective Volt Typhoon. These assaults, which took use of flaws in software created by a startup company in California, have sparked concerns about the vulnerability of vital systems including communications networks, water facilities, and the electrical grid. The fact that US agencies are still on high alert despite denials from the Chinese government
Xeon Sender (aka XeonV5, SVG Sender) is a cloud attack tool that can be used to send Short Message Service (SMS) messages en masse to conduct spam and phishing (aka smishing) campaigns. Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers. There are no weaknesses on the service provider side that are leveraged for these attacks; rather, the tool uses legitimate APIs to enable bulk SMS spam attacks.
The
Last week, AutoCanada, a major Canadian car dealership, disclosed a cyber-attack that may result in disruptions. The incident was discovered on 11 August 2024, and it impacted some internal IT systems, the company reported. “Immediately upon detecting the incident, AutoCanada took action to safeguard its network and data. This included engaging with leading cybersecurity experts to assist us with containment and remediation efforts and conducting a thorough investigation to understand the sco
The staff at a poultry factory in Norfolk, UK have had their personal details stolen in a recent cyber-attack. Banham Poultry, based in Attleborough, UK said cyber criminals had remotely accessed its system in the early hours of 18 August. In an email sent to staff the company said information such as National Insurance numbers, copies of passports and bank details were accessed.
The company said it was providing staff with advice, credit monitoring and fraud detection following the security b
