X-Industry

Five vulnerabilities, two deemed critical, have been found in the Terrestrial Trunked Radio (TETRA) standard.  TETRA is the most widely used police radio communication system outside the US.  It is used by fire and ambulance services, transportation agencies, utilities, military, border control, and customs agencies in more than 100 nations globally and by the UN and NATO.

The vulnerabilities were discovered by cybersecurity firm Midnight Blue (Amsterdam, Netherlands) with funding from NLnet as

Merchant vessels and ports are extraordinarily vulnerable to increasingly sophisticated cyberattacks against OT systems.  It is estimated that 90% to 95% of all shipped goods at some stage travel by sea.  This makes the global maritime industry the largest and most important supply chain.  Successful cyberattacks against the maritime supply chain would have the potential to damage individual companies, national finances, and even the global economy.

The maritime sector includes the ports and the

Elon Musk shocked Twitter users (again) with a rebrand of the social media platform, complete with a name change and a new logo that did away with the brand's iconic blue bird. Twitter is now X, with X.com redirecting to Twitter.com. But what is "X"? Musk's vision for X has been a long time coming, and the Twitter rebrand isn't as surprising as it may seem.  Just weeks before Musk acquired Twitter for $44 billion, he hinted at his vision for the social media platform, tweeting that "Buying Twitt

Maintaining today’s digital acceleration takes time, effort, and scrutiny.  Adding new tools and investments increases the complexity and vulnerability of enterprise security environments, exposing gaps in communication and collaboration, creating siloed systems, and slowing response times.  Securing the enterprise against today’s increasingly sophisticated threat landscape calls for a cybersecurity platform architecture automated for operational efficiency, a security architecture broad enough

A trio of influential artificial intelligence leaders testified at a congressional hearing on 25 July 2023, warning that the frantic pace of AI development could lead to serious harms within the next few years, such as rogue states or terrorists using the tech to create bioweapons.

See:  https://redskyalliance.org/xindustry/ai-and-its-hazards

Yoshua Bengio, an AI professor at the University of Montreal who is known as one of the fathers of modern AI science, said the United States should push fo

Maintaining today’s digital acceleration takes time, effort, and scrutiny.  Adding new tools and investments increases the complexity and vulnerability of enterprise security environments, exposing gaps in communication and collaboration, creating siloed systems, and slowing response times.  Securing the enterprise against today’s increasingly sophisticated threat landscape calls for a cybersecurity platform architecture automated for operational efficiency, a security architecture broad enough

The head of Russia’s space agency has extended an offer to Moscow’s partners in the BRICS group Brazil, India, China, and South Africa to participate in constructing a joint module for its planned orbital space station, state media reported on 24 July 2023.

See: https://redskyalliance.org/xindustry/the-brics

Construction of the planned space station follows Moscow’s decision last year to end its decades-long partnership with NASA and withdraw from the aging International Space Station, one of th

People interested in physical fitness and losing a couple of pounds have one more thing to worry about besides a visit to the bathroom scale.  Internet-connected Peloton fitness equipment is plagued with numerous security issues that could allow attackers to obtain device information or deploy malware.

An analysis of the software running on the Peloton Treadmill has revealed exposure to security risks associated with Android devices that are not updated to the most recent platform iterations, as

The Lazarus Group is North Korean state sponsored cybercrime group and they have been credited, in one way or another, with a recent social engineering campaign targeting developers on GitHub.  They are said to have been created by the North Korean government as early as 2007 and they are a part of the RGB, which is North Korea’s primary foreign intelligence agency.  “Lazarus Group” would appear to be the primary identity of the group, but they do have several aliases such as Appleworm, Group 77

CHRO Daily has shared some cyber security matters that keep experts awake at night.  Their goal was finding out what was top of mind for the world’s preeminent HR heads. Luckily, many leaders were willing to share their deepest motivations and frustrations of the job.  Below are some of the more impactful answers CHRO Daily received about their most significant concerns and preoccupations in the space.[1]

These interviews have been edited and condensed for clarity.

Allison Rutledge-Parisi, senio

A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it is a significant upgrade over the Pupy RAT, an open-source remote access trojan it is modeled on.  It is written in Python. Malware of this type is used to gain remote control of a target computer. Threat actors have been observed using a legitimate a process that reports errors in Windows (and Windows applications) to distribute Pupy.  RATs are designed to allow attackers to remotely control infected comput

Located at Groom Lake in the middle of the barren desert of southern Nevada, Area 51 is a U.S Air Force installation that has become infamous for a speculated connection with unidentified flying objects (UFOs).  Conspiracy theories surrounding the base suggest that it is used for the testing of alien technology recovered from supposed crash sites, like the famous one in Roswell, New Mexico. This has been fueled by the fact that the base was a secret for many years and is still inaccessible to th

An Application Programming Interface (API) is a set of defined rules that enable different applications to communicate with each other.  It acts as an intermediary layer that processes data transfers between systems, letting companies open their application data and functionality to external third-party developers, business partners, and internal departments.[1]

The definitions and protocols within an API help businesses connect the many applications they use in day-to-day operations, saving emp

The US Securities and Exchange Commission (SEC) this past week approved new rules that require publicly traded companies to publicize details of a cyber-attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer breaches are disclosed.  "Whether a company loses a factory in a fire, or millions of files in a cybersecurity incident, it may be material to investors," the SEC chair said.  "Currently, many public companies provide c

ChatGPT is a generative AI model that applies user inputs to train itself and continuously becomes more efficient.  Because ChatGPT has accumulated many more user interactions since its launch, it should, in theory, be much smarter as time passes.  Researchers from Stanford University and UC Berkeley conducted a study to analyze the improvement in ChatGPT's large language models over time, as the specifics of the update process are not publicly available.  To experiment, the study tested both GP

MSMQ is a proprietary messaging protocol developed by Microsoft that allows applications running on separate computers to communicate in a failsafe manner. MSMQ ensures reliable delivery by placing messages that fail to reach their intended destination in a queue and then resending them once the destination is reachable.  RabbitMQ is an open-source messaging queuing protocol similar to MSMQ.

The MSMQ service is hosted as a standalone Windows service under MQSVC.EXE.  The MSMQ operation is implem

Google’s malware scanning platform VirusTotal published an recent apology after hundreds of individuals working for defense and intelligence agencies globally had their names and email addresses accidentally exposed by an employee.

In a public statement, VirusTotal said it apologized “for any concern or confusion” the exposure may have caused and said it took place on 29 June, when the employee accidentally uploaded a CSV file to the platform.[1]  “This CSV file contained limited information of

Anyone can become a phishing attack expert on underground forums for as little as US$ 50.  For about a year, a new Phishing-as-a-Service (PaaS) offering has been used to target Microsoft 365 accounts in the manufacturing, healthcare, technology, and real estate sectors, according to cyber threat researchers.  Named ‘Greatness,’ the service has been used in several phishing campaigns since mid-2022, mainly targeting organizations in the US, with other victims in the UK, Australia, Canada, and Sou

Trend Micro has always taken extremely seriously its commitment to secure the connected, digital world.  But we also know that in the fight against cybercrime, its resources are most effective when shared and combined with others working towards the same goals.  That's why Trend Micro has no issues about teaming up with other security vendors, as well as academics and law enforcement agencies.  Red Sky Alliance has always held this collaborative approach.

This "better together" approach has seen

This week, Rust-based file-encrypting ransomware was found to be impersonating the cybersecurity firm Sophos https://www.sophos.com as part of its operation.  The malware named ‘SophosEncrypt’, the malware is being offered under the Ransomware-as-a-Service (RaaS) business model and appears to have already been used in malicious attacks.  After several security researchers warned of the new RaaS, Sophos said it was aware of the brand's impersonation and was investigating the threat.

See:  https:/