X-Industry

Meta’s decision to close its CrowdTangle division, a tool that tracks content across social media, has raised the ire of more than 100 research and advocacy groups who say it will make it harder to fight disinformation.

Groups including the Mozilla Foundation, the Center for Democracy and Technology and Access Now sent the social media behemoth an open letter Thursday decrying the decision to shutter the unit in August, asking Meta to, at a minimum, invest in CrowdTangle through January.  Meta a

On 16 March 2024, Sentinel Labs identified a suspicious Linux binary uploaded from Ukraine.  Initial analysis showed surface similarities with the infamous AcidRain wiper used to disable KA-SAT modems across Europe at the start of the Russian invasion of Ukraine (commonly identified by the ‘Viasat hack’ misnomer).  Since our initial finding, no similar samples or variants have been detected or publicly reported until now.  This new sample is a confirmed variant called ‘AcidPour’, a wiper with si

A sophisticated Brazilian banking Trojan uses a novel method to hide its presence on Android devices.  A multi-tooled Trojan cuts apart Brazil's premier wire transfer app.  Could similar malware do the same to Venmo, Zelle, or PayPal?

"PixPirate" is multipronged malware specially crafted to exploit Pix, an app for making bank transfers developed by the Central Bank of Brazil. Pix makes a good target for Brazil-nexus cybercriminals since, despite being hardly three years old, it is already integr

Britain’s democracy is under threat from Chinese cyber-attacks, this reported as Parliament was informed on 25 March of this warning after the hacking of voter details and the targeting of several China hawks in Parliament has occurred.  The UK’s Deputy Prime Minister, briefed MPs on the cyberthreat from China and is expected to announce reprisals against those believed to be involved, according to government insiders.  He pointed the finger at China over an alleged hacking that hit British vote

Leaders of South Florida’s Port Everglades and Port Miami have met with US Coast Guard officials to review cybersecurity programs aimed at reducing the possibility that giant Chinese-made cranes operating at the region’s ports and others in the US pose a national security threat. 

In late February, the Biden administration announced it planned to invest billions in the US manufacture of ship-to-shore cranes that transfer millions of tons of cargo annually at major American seaports.  The action

DarkGate malware operators have been exploiting a now-patched Windows SmartScreen bypass flaw through a phishing campaign that distributes fake Microsoft software installers to propagate the malicious code.  Researchers discovered a then zero-day Internet Shortcut Files security feature bypass vulnerability tracked as CVE-2024-21412 earlier this year. Microsoft patched it as part of its February 2024 edition of Patch Tuesday updates.  That was not before attackers such as Water Hydra exploited i

Two teenage boys from Miami, FL, were arrested in December of last year for allegedly creating and sharing AI-generated nude images of male and female classmates without consent, according to police reports obtained via a public record request. The arrest reports say the boys, aged 13 and 14, created the images of the students “between the ages of 12 and 13.”  For readers who have watched the 1981 sex comedy film “Porky’s,” this mischief is similar but is a 21st-century version.  https://www.jus

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint distributed denial-of-service (DDoS) attack guidance for federal, state, local, tribal, and territorial government entities to serve as a comprehensive resource to address the specific needs and challenges faced by government agencies in defending against DDoS attacks.

Distributed denial-of-service a

Our friends at Fortinet, https://www.fortinet.com has patched a critical Remote Code Execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) for managing endpoint devices.  The flaw, identified as CVE-2024-48788, stems from an SQL injection error in a direct-attached storage component of the server.  It gives unauthenticated attackers a way to execute arbitrary code and commands with system admin privileges on affected systems, using specially crafted requests.[1]

For

The attached US DHS CISA fact sheet provides an overview for executive leaders on the urgent risk posed by People’s Republic of China (PRC) state-sponsored cyber actors known as “Volt Typhoon.”  CISA—along with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other US government and international partners1—released a major advisory on 7 February 2024, in which the U.S. authoring agencies warned cybersecurity defenders that Volt Typhoon has been pre-positioning t

The first person in the UK to be convicted of a ‘cyber flashing’ offence has been jailed for 66 weeks after a judge warned him, she had a “duty to protect” victims.  The sentence was passed down at Southend Crown Court after sending unsolicited explicit photos to a 15-year-old and a woman.  The 39-year-old male, from Basildon, Essex, sent the victims digital pictures of his genitals on 9 February 2024.[1] 

Cyber flashing refers to the sending of an unsolicited sexual image to people via social m

The technical article below from Palo Alto Networks focuses on the newly released BunnyLoader 3.0, a historical observation of BunnyLoader infrastructure, and an overview of its capabilities.  BunnyLoader is dynamically developing malware that can steal information, credentials, and cryptocurrency and deliver additional malware to its victims.  In an increasingly cutthroat market, cybercriminals must regularly update and retool their malware to compete with other cybercriminals, security tools,

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

A leading cyber security firm, Cybereason[1], has announced the results of its third annual ransomware study, commissioned to better understand the true impact of ransomware on businesses. This global study reveals that ransomware attacks are becoming more frequent, effective, and sophisticated.

See:  https://redskyalliance.org/xindustry/100-50-1-100-ransomware-gangs-using-50-types-of-malware

The Report Ransomware: The True Cost to Business 2024 reveals that of the organizations who opted to pay

The US House of Representatives has passed legislation that could lead to a nationwide ban on the popular video-sharing app TikTok, reigniting debates around data privacy, national security, and the limits of government oversight.  The bipartisan bill, named the Protecting Americans from Foreign Adversary Controlled Applications Act, requires the Chinese company ByteDance to divest its ownership of TikTok.  If it fails to do so, the app would be prohibited from operating in the United States, an

A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation.  Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit ransom demands in connection with doing so."

The defendant, who had his home searched by Canadian law enforcement

The Russian-speaking cybercrime group called RedCurl is leveraging a legitimate Microsoft Windows component called the Program Compatibility Assistant (PCA) to execute malicious commands.  The Program Compatibility Assistant Service (pcalua.exe) is a Windows service designed to identify and address compatibility issues with older programs.  Adversaries can exploit this utility to enable command execution and bypass security restrictions by using it as an alternative command-line interpreter. In

The US Department of Justice claims that it has disrupted a botnet controlled by the Russian state-sponsored hacking group Forest Blizzard, also known as Fancy Bear. The Russian hackers' targets include US and foreign governments, military entities, and security and corporate organizations. The FBI operation copied and deleted stolen files and other data from the compromised routers and, working with local Internet service providers, the FBI then informed the owners and operators of the routers.

A new phishing campaign has been observed delivering Remote Access Trojans (RAT) such as VCURMS and STRRAT using a malicious Java-based downloader.  The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware, an unusual aspect of the campaign is VCURMS' use of a Proton Mail email address ("sacriliage@proton[.]me") for communicating with a command-and-control (C2) server.

The attack chain commences

Magnet Goblin, a financially motivated threat actor, is swiftly adopting one-day security vulnerabilities into its arsenal to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts.  Threat actor group Magnet Goblin's hallmark is its ability to swiftly leverage newly disclosed vulnerabilities, mainly targeting public-facing servers and edge devices.  In some cases, the deployment of the exploits is within 1 day after a [proof-of-concept] is publi