All Articles (1933)


An information and hacking campaign, called Ghostwriter, with links to a foreign state has potentially had a "significant cumulative impact" over many years, according to a report from Cardiff University.  The findings, from the Security, Crime and Intelligence Innovation Institute, provide the most comprehensive picture to date of the activities of the so-called Ghostwriter campaign.

Tracking its evolving activities via open-source data, the report demonstrates how it has impersonated multiple

CISA Summary - Note: #StopRansomware is a CISA effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors.  These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.  Visit stopransomware.gov to see all #StopRansomware advisories and to learn about other ransomware threats and no-cos

The Russian hacking group known as 'Nodaria' (UAC-0056) is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations.  The Go-based malware can harvest a wide range of information, including account credentials, system, and app data.  The malware will also capture screenshots and exfiltrate files from compromised machines.  Symantec's threat research team discovered that Nodaria has been using Graphiron in attacks since at least October 2022 through m

If you have ever sat and read an entire insurance policy, you are fully aware of the use of specific words and definitions and how the words apply to the coverage.  The definitions of “war” and “cyber-war” are at issue.  Property policies' war exclusions were designed to apply to any type of nation-state attack, including cyber events, insurers told a New Jersey appellate panel on 8 February in a battle over whether Merck has coverage for $1.4 billion in losses stemming from the 2017 NotPetya cyb


UPDATE 2/9/2023: The balloon had equipment that was "clearly for intelligence surveillance," including "multiple antennas" that were "likely capable of collecting and geo-locating communications," according to a statement by a senior State Department official. The official said the balloon is likely part of a huge aerial spy program operated by the Chinese military that has targeted more than 40 countries on five continents with high-altitude surveillance balloons similar to one the U.S. sh

The first Linux variant of the Clop ransomware was rife with issues that allowed researchers to create a decryptor tool for victims.  SentinelOne said it observed the first Clop (also stylized as Cl0p) ransomware variant targeting Linux systems on 26 December 2022.  Clop has existed since about 2019, targeting large companies, financial institutions, primary schools and critical infrastructure across the world. After the group targeted several major South Korean companies like e-commerce giant E

Our friends at the State of NJ, NJCCIC, have provided a valuable alert - Vulnerable VMware ESXi Servers Targeted in Ransomware Attacks.

Ransomware groups are actively exploiting a 2-year-old heap-overflow vulnerability, CVE-2021-21974 (CVSS v3.1 8.8), affecting OpenSLP used in VMware ESXi servers for versions 6.x and prior to 6.7, though threat actors may be leveraging other vulnerabilities or attack vectors, as earlier builds of ESXi appear to have also been compromised.  European cybersecurity

Future Shock was a book from the 1970s that referenced what happens when people are no longer able to cope with the pace of change.  Whether you have noticed it or not, artificial intelligence (AI) is currently impacting every industry and almost every aspect of life.  AI-powered tools can now create legal documents, write reports and even teach you about a specific topic from a simple text prompt.  AI is even being used to assist with fraud detection, diagnose diseases and help with ensuring

With historic inflation, rising prices, the escalating Ukraine conflict, and massive job losses in banking and tech, policymakers and executives are stretched to deliver a recovery agenda to get the world back to normal.

Most have little bandwidth for yet more problems to solve, like the impending perils faced by cyber threats.  Sadie Creese, a Professor of Cyber Security at the University of Oxford, said, “There's a gathering cyber storm and it's really hard to anticipate just how bad that will

A ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades.  ION Group, the financial data firm's parent company, said in a statement on its website that the attack began last week.  "The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Group said.  Ransomware is a form of malicious software deployed by criminal gangs which works by encry

A few weeks ago, Hackread.com reported about a malware-infected Android TV box available on Amazon: the T95 TV box.[1]  The box contained pre-installed malware, which was discovered by a Canadian developer and security systems consultant.  Now the same TV box is in the news again, and the person who has identified security threats is a Malwarebytes mobile malware researcher.  He purchased this device from Amazon to further probe and instantly realized something was off about this TV box.  He di

The end of encryption, also called the “Cryptopocalypse,” is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption. Since public key encryption is used to secure almost all data in transit, both between separate IT infrastructures and even within individual infrastructures, that data will become accessible by anyone with a sufficiently powerful quantum computer. Shor’s algorithm is a quantum computer algorithm for finding the prime factors o

As the volume of seaborne trade has continued to rise, congestion of trucks carrying freight in and around maritime ports has increased with it.  Long queues for these trucks are causing concerns for both port authorities and port operators.  These concerns include hardships imposed on truck drivers, disruption of traffic, environmental issues, and even degradation of a port’s brand.

What’s the answer?  Technology to keep the commodities moving. What could go wrong?  Logistics provider, NEXT Tr

A pro-Russian hacking group is claiming responsibility for cyber-attacks on several hospitals in the United States.  The attack came just days after the Federal Bureau of Investigation (FBI) said it took down a ransomware group that was also targeting hospitals in what was called “The Hive” attack.

The US Attorney General says they’ve seen how cyber-attacks on medical facilities can be very disruptive.  “The Hive ransomware attack was able to prevent the hospital from accepting new patients,” th

Last week we presented a topic on our RedShort explaining the growing human engineering techniques, especially the use of cell phone calls.  The New Jersey NJCCIC recently detected an uptick in TOAD phishing campaigns. TOAD, or telephone-oriented attack delivery, is a type of social engineering attack that lures potential victims to contact fraudulent call centers managed by threat actors in attempts to steal credentials or install malware onto their systems.

The messages used in the observed TO

The following article is based on the opinions of cyber threats and financial professionals and is not intended to place blame on any parties.  It is an important topic that has been brought to the attention of the US Government, even before the fall of the FTX Exchange.

See:  https://redskyalliance.org/xindustry/sec-chairman-pushes-for-more-cryptocurrency-regulations

The seemingly limitless innovations from information technology have created enormous opportunities for all kinds of predatory be

In a recent report, Microsoft warns that phishing, fake software updates and unpatched vulnerabilities are being exploited for ransomware attacks.  More than one hundred different cyber-criminal gangs are actively conducting ransomware attacks, deploying over 50 different ransomware families in campaigns which see them encrypt networks and demand a ransom payment for the decryption key.  The analysis from Microsoft Security Intelligence notes that some of the most prominent ransomware attacks of

Do you know where your secrets are?  Hopefully they remain with YOU.  If you tell just one other person your secret, then it is not a secret anymore.  Next question, where are your cyber secrets?  Don’t know?  Well, hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, do not know where their cyber secrets are either.  It does not matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 99% of cases.

Keeping sec

Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line.

There are two main reasons why regular pen testing is necessary for secure web application development – Security: Web applications are constantly evolving, and new vulnerabilities are being discovered all the time. Pen testing helps identify vulnerabilities that could b

GitHub states that hackers gained access to its code repositories and stole code-signing certificates for two of its desktop apps: Desktop and Atom.  Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use.

GitHub revealed that on 7 December 2022, hackers gained unauthorized access to several of its code repositories and stole code-signing certificates for two of its desktop apps: Atom and Desktop.