All Articles (2531)

A deal between Stack Overflow https://stackoverflow.com and OpenAI https://openai.com seems to have triggered a battle between the developer forum and its users.  On 06 May 2024, Stack Overflow announced a new deal in which user content would be scooped up by OpenAI to train ChatGPT.  As a forum for developers and programmers, Stack Overflow is home to technical posts and content that is valuable to a generative AI service like OpenAI's ChatGPT.

The announcement compelled at least one user to mo

In today’s digitally connected world, passwords are the gateway to protecting our online lives, from email and social media accounts to banking and private data.  Yet, many users still use alarmingly weak passwords or reuse the same ones across multiple sites, putting our digital identities at severe risk.  What is your birth date, street address, or pet’s name?  World Password Day, observed annually on the first Thursday of May, is a crucial reminder to change these poor password habits and pri

US Cyber authorities are releasing this joint CSA to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.  This joint CSA provides TTPs and IOCs obtained from FBI investigations and third-party reporting.

Black Basta is considered a ransomware-as-a-service (RaaS) variant and was first identified in April 2022.  Black Basta affiliate

In a comprehensive National Security Memorandum (NSM), the current administration has outlined its strategy for strengthening the security and resilience of United States critical infrastructure against threats like cyberattacks, natural disasters, and climate change.  The memorandum designates 16 critical infrastructure sectors, such as energy, transportation, and health care, and outlines roles and responsibilities for relevant federal agencies to identify and mitigate risks within each sector

In case you have not heard, 2024 is a big year for cicadas.  Cicada (family Cicadidae) is a family of more than 3,000 species of sound-producing insects. Cicadas are found worldwide in tropical and temperate areas and occur in deserts, grasslands, and forests.  Cicadas have been used in folk medicines, as religious and monetary symbols, and as an important source of food for humans and many other organisms. The cicada appears in the mythology, literature, and music of many cultures, including so

Shipping is increasingly subject to growing volatility and uncertainties from war and geopolitical events, climate change risks, such as drought in the Panama Canal, and the resurgence of piracy.  Allianz Commercial marine experts look at some of the major consequences, including the effect on crew, the prospect of more cyber-attacks and drone strikes, the threat the rise of the ‘shadow fleet’ poses to vessels and the environment, as well as the multi-faceted impacts of rerouting.

Recent inciden

The below information from DHS/CISA is a fact sheet which provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors.[1]

The pro-Russia hacktivist activity appears mostly limited to unsophistica

Almost everyone knows dating sites can be dangerous, and you need to be careful. But a nasty new threat plays on those fears, and by the time you realize it, it could be too late… Don't make this mistake on your dating app.

Online dating can be dangerous; who is at the other end of all those flirty and exciting messages, and whose pictures have they chosen to share?  But now, a new FBI warning has taken something of a twist because the latest threat to dating app users plays on those fears that

If you open your devices with a fingerprint or face scan, you are probably OK with tech companies having some of your biological data. Now, the rise of neurotech wearables is putting your brainwaves into question.  On 17 April 2024, the governor of Colorado signed a bill expanding the state's existing privacy law to include neural data or brain activity.  The bill added brainwaves under the umbrella of biological data, which it defined as "data generated by the technological processing, measure

From credential theft to social engineering and disinformation campaigns, cybercriminals and state sponsored threat actors continue to evolve their tactics and expand their ambitions.  Last week at RSA, Recorded Future (RF) showcased the ways they are innovating to help our clients thwart the adversary on every front. RF is doing so with a powerful combination of Recorded Future’s automated threat intelligence solutions and highly skilled expertise, with a mission to prevent business disruption.[1]

The North Korea-linked threat actor known as Lazarus Group used its time-tested fabricated job lures to deliver a new Remote Access Trojan (RAT) called Kaolin RAT as part of attacks targeting specific individuals in the Asia region in summer 2023.  The malware could, aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server.  The RAT acts as a pathway to deliver the FudModule rootkit, which has be

A well-known Russian advanced persistent threat (APT) group has been using a custom tool to exploit a bug that has been around for several years in the Windows Print Spooler service to elevate privileges and steal credentials in numerous intelligence-gathering attacks around the globe. It also appears to be paving the way for further attacks.  Fancy Bear (aka APT28, Forest Blizzard, Pawn Storm, Sofacy Group, and Strontium) is linked to the Russian General Staff Main Intelligence Directorate. It has

The maritime transportation system, the lifeblood of global trade, is undergoing a digital revolution.  Automation and artificial intelligence (AI) are transforming how ships operate and cargo moves.  However, this increased reliance on technology creates a double-edged sword: while AI offers powerful tools for cybersecurity, it also presents new vulnerabilities to exploit. The growing threat of adversarial AI (AAI) in maritime cyber security and how the industry can navigate these challenging w

Many game makers allow users to alter a game's appearance or behavior to increase its enjoyment and replay value.  Players can often also download packages created by others.  However, this is also a chance for attackers to distribute their malware. The below report examines a batch stealer distributed via a crafted Minecraft source pack.

The zEus stealer malware has been added to a source pack shared on YouTube. The name—zEus—is from a previous variant of this malware. The variant (d9d394cc2a74

The US Federal Communications Commission (FCC) recently levied fines totaling nearly $200 million against the four major carriers, including AT&T, Sprint, T-Mobile, and Verizon, for illegally sharing access to customers’ location information without consent.  The fines mark the culmination of a more than four-year investigation into the actions of the major carriers.  In February 2020, the FCC notified all four wireless providers that their practices of sharing access to customer location data

LockbitSupp, the pseudonymous leader of the LockBit ransomware group, was identified as a Russian national called Dmitry Khoroshev on 7 May as the United States, United Kingdom and Australia imposed financial sanctions against him.

A 26-count indictment has been unsealed in the US charging Khoroshev with developing and operating the LockBit ransomware service.  He is accused of growing LockBit “into a massive criminal organization that has, at times, ranked as the most prolific and destructive

Last month, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from close to a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface.  As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header.

FortiGuard’s IPS signature captured attempts to exploit the CVE-2015-2051 vulnerability to propagate a new botnet that we have named “Gold

The US Department of Justice (DOJ) on 24 April 2024 announced the arrest of two co-founders of a cryptocurrency mixer called Samourai. It seized the service for allegedly facilitating over $2 billion in illegal transactions and laundering more than $100 million in criminal proceeds.  Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged with conspiracy to commit money laundering and conspiracy to operate an unlicensed money-transmitting business from 2015 through February 2024.

DEV#POPPER is a social engineering campaign that has been tracked recently by the Securonix Threat Research team.  Social engineering is a topic we have covered many times, but ultimately what it boils down to is that social engineering attacks are generally geared towards tricking victims into compromising themselves.  With that in mind, the primary target for the DEV#POPPER campaign appears to be software developers who are looking for work. 

Job interviews can be an effective cover for socia

A newly identified Android Trojan can steal user information and allow attackers to take control of infected devices. Named Brokewell, the trojan includes all the capabilities of mobile banking malware while also providing attackers with remote access to devices. Brokewell is being distributed via fake application updates, such as newer Chrome browser iterations and updates for an Austrian digital authentication application.

The malware overlays fake windows over the targeted mobile applications