Amid an onslaught of high-profile cyberattacks showing how companies often neglect basic security measures, the Department of Justice is trying to use a law passed during the Civil War to put businesses on notice that these failures are unacceptable. Under the umbrella of DOJ’s Civil Cyber-Fraud Initiative, US government attorneys have since early 2022 deployed the pointedly named False Claims Act to punish contractors that mislead the government about their cybersecurity defenses, hoping to se
All Articles (2531)
Sort by
Microsoft will soon allow businesses and developers to build AI-powered Copilots that can work like virtual employees and perform tasks automatically. Instead of Copilot sitting idle waiting for queries, it will be able to monitor email inboxes and automate tasks or data entry that employees normally have to do manually. It is a big change in the behavior of Copilot, which the industry commonly calls AI agents or the ability for chatbots to intelligently perform complex tasks autonomously. “W
HP Wolf Security has published a report that finds that the tactics and techniques being used by cybercriminals are evolving. In contrast, different cybercriminals continue to exploit weaknesses that are simple to exploit. For example, cybercriminals use an advanced WikiLoader campaign to exploit open redirect vulnerabilities within websites to circumvent detection. Users are directed to trustworthy sites, often via fake advertisements, before being redirected to malicious sites. Elsewhere, c
The Advanced Research Projects Agency for Health (ARPA-H) announced on 20 May 2024 the launch of the Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program. This cybersecurity effort will invest more than $50 million to create tools for information technology (IT) teams to defend better the hospital environments they are tasked with securing.
Cyberattacks that hamper hospital operations can impact patient care while critical systems are down and can even lead to facility clo
More than $22 million worth of cryptocurrency was stolen from the Gala Games this week after someone compromised the blockchain platform. The company confirmed that it dealt with a security incident on 20 May, writing on social media that it was an “isolated incident, the cause of which has been addressed.”
“We are working closely with law enforcement to investigate the individuals behind the breach,” the company said, noting that it will provide updates as the investigation continues. Gala Ga
The National Security Agency (NSA) recently launched its Cybersecurity Collaboration Center (CCC) to proactively help private companies and federal partners fight off advanced cyber adversaries at no cost. Judging by the enthusiastic response so far, CCC’s services are poised to be in high demand.
Through the CCC, the NSA shares its extensive knowledge, threat intelligence, and advanced cybersecurity capabilities directly with organizations across technology, energy, finance, and more sectors.
Author William Lambers[1], presents his opinion on this Memorial Day 2024: “On Memorial Day we can honor the sacrifices of our soldiers and continue the quest for world peace. As President Dwight Eisenhower said of Memorial Day, ‘Let us reverently honor those who have fallen in war, and rededicate ourselves through prayer to the cause of peace, to the end that the day may come when we shall never have another war, never another Unknown Soldier.’ America’s aspiration, as President Eisenhower sa
A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro. Multiple malware variants suggest a broad cross-platform targeting strategy, while the overlapping C2 infrastructure points to a centralized command setup, possibly increasing the efficiency of
Activity Summary - Week Ending on 24 May 2024:
- Red Sky identified 6,686 connections from ‘new’ unique IP addresses
- contabo[.]com in Germany hit 29x
- 92 ‘new’ Botnets hits
- Cat-Phishing
- BITS
- AsyncRAT
- Protecting OT Networks
- UK Army Personnel
- Red Hat Downsizing
Link to full report: IR-24-145-001_weekly145.pdf
Gregg Lowe is feeling thoroughly happy about his technology buying decisions. A couple of years back, the CIO of Boyd Gaming, operator of 28 hotel and casino properties across the US states, was hip-deep in negotiations for a fresh enterprise agreement with VMware prior to its acquisition by Broadcom. Nutanix, which offers its own AHV hypervisor for free with its stack, was also present within the company, meaning Boyd could be paying for hypervisors it didn't need. So the company decided to
The European Union has warned Microsoft that it could be fined up to 1% of its global annual turnover under the bloc’s online governance regime, the Digital Services Act (DSA), after the company failed to respond to a request for information (RFI) that focused on its generative AI tools. In March 2024, the EU asked Microsoft and several other tech giants for information about systemic risks posed by generative AI tools. On 16 May 2024, the Commission said Microsoft failed to provide some reque
Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems and found they could use this data to monitor the destruction of Gaza, as well as the movement
Google is betting Microsoft Corp.’s very public cybersecurity failures, along with deep discounts will persuade corporate and government customers to use the search giant’s productivity software rather than Office. Some are insinuating Google is trying to steal customers.
Government agencies that switch 500 or more users to Google Workspace Enterprise Plus for three years will get one year free and be eligible for a “significant discount” for the rest of the contract, said Andy Wen, the senior
Multiple US and allied cybersecurity agencies have recently warned about an ongoing campaign by pro-Russia hacktivist groups to target and compromise operational technology (OT) systems across critical infrastructure sectors in North America and Europe. According to a new joint cybersecurity alert have been observed gaining remote access to small-scale industrial control systems used in water/wastewater, dams, energy, and food and agriculture by exploiting internet-exposed human-machine interfa
Recently, China’s Cybersecurity Industry Alliance (CCIA) published a report in an effort to further expose the suspected hegemonic practices and “bullying” behavior of the United States in cyberspace. The report is broken down into six sections based on perceived U.S. behaviors, purportedly drawing its sources from a variety of public and private organizations in an attempt to present an authoritative credibility that paints the United States as the primary obstacle to global cyberspace securit
VikingCloud recently released new research revealing 40% of cyber teams have not reported a cyber incident out of fear of losing their jobs, a disclosure that signifies a serious underreporting of cyber breaches globally. This trend also leaves businesses at risk of being non-compliant with emerging industry regulations, as well as vulnerable to rising attacks, reported in the survey to have both increased in frequency for 49% of companies and severity for 43% in the past 12 months.
The data ga
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate
Microsoft has recently declared that security will now be the company's topmost priority "above all else," even taking precedence over shipping new product features and capabilities. This commitment to making security job #1 comes on the heels of a string of incidents, including a major breach disclosed just two months ago, where Russian state-sponsored hackers tracked as Midnight Blizzard or Nobelium gained disturbing levels of access to Microsoft's internal systems and source code repositorie
The US Federal Trade Commission recently sent out a blog warning car companies about sharing automobile collected data. Who thought your car would be gathering information about you? Personal data is being collected every second, even in your vehicle.
“Some say a person's car can say a lot about them. As cars get ‘connected,’ this turns out to be truer than many might have realized. While connectivity can let drivers do things like play their favorite internet radio stations or unlock their
The Abu Dhabi Autonomous Racing League (A2RL) completed the world’s first autonomous auto race at the Yas Marina Circuit before a full front straight grandstand on the evening of 27 April 2024.
Four cars qualified for the final event, attempting what had never been done before racing wheel-to-wheel without any human intervention.
See: https://redskyalliance.org/automotive/hacking-your-new-car
Team TUM (Technical University of Munich) won the driverless race in a last-lap dash, overtaking Ital
