X-Industry

In 2019, a video surfaced of then - US Speaker of the House Nancy Pelosi that appeared to show her in an impaired condition.  The video was a deepfake featuring footage modified to make the Speaker seem intoxicated or unwell.  Yet despite its inauthenticity, the video went viral and received millions of views on social media.  Today, many users remain unable to tell the difference between deepfakes and legitimate media.

What Are Deepfakes?  Deepfakes are synthetic videos, images, or audio record

Generative artificial intelligence (AI) could be used by foreign adversaries to interfere in next year’s presidential election, President Joe Biden’s nominee to lead US Cyber Command and the NSA warned this past week.  “As we look at this election cycle, the area that we do have to consider that will be slightly different will be the role of generative AI as part of this,” an Air Force Lt. General told the US Senate Armed Services Committee during his second nomination hearing.  “And so, our con

Buying a house these days is almost insurmountable.  Who can afford to pay cash for a decent house, or even the minimum downpayment?  That’s where lenders come in.  Banks and finance companies have been doing this for years.  But now there is an elephant in the room, called AI.  The top US bank regulator is warning that lenders need to ensure that artificial intelligence tools don't perpetuate biases and discrimination in credit decisions.[1]

Federal Reserve Vice Chair for Supervision Michael Ba

The Biden administration recently announced a new cyber initiative to label smart devices considered safe and less vulnerable to attacks.  As part of the new cybersecurity labeling program, a new ‘US Cyber Trust Mark’ shield logo will be applied to products that meet specific cybersecurity criteria. 

Proposed by Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel, the program aims to improve the cybersecurity of smart devices, including smart consumer products and electronics,

Chrome Woes

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution.  Google Chrome is a web browser used to access the internet.  Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.  Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts

The QR code system was invented in 1994 under a team led by Masahiro Hara from the Japanese company Denso Wave.  A QR code (quick-response code) was developed as a type of two-dimensional matrix barcode for labelling automobile parts.  Now, using a new twist to bypass detection from security solutions, cyber-attacks are now employing QR codes that your users will not recognize as anything suspicious.

Threat actors need some means of getting a user to engage with malicious content – whether an at

Cybercrime and cyber espionage activity continue to multiply against all industries and sectors, causing financial and material damage to targeted networks.  Cyber insurance has assisted in mitigating the impacts of cyber malfeasance, offsetting costs associated with recovering from cyber-attacks.  A Government Accountability Office report found that the increasing severity and frequency of cyberattacks led more organizations to seek cyber coverage, which has been increasing in price as the volu

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

A series of cyberattacks across Texas, including some in the Houston region, are part of a growing statewide and national trend of increasingly sophisticated groups working through computers to steal money and information, according to officials in the FBI. In 2022, for instance, the FBI received more than 21,800 complaints of a cyberattack called a business email compromise scheme, totaling around $2.7 billion in reported losses, said a spokesperson for the FBI's office in Houston. Of that tota

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk.  These apps engage in deceptive behavior and secretly send sensitive user data to malicious servers in China.  Researchers have discovered this infiltration.  Their report shows that both spyware apps, namely File Recovery and Data Recovery (com.spot.music.filedate), with over 1 million installs, and File Manager (com.file.box.master.g

A hacker has created his own version of ChatGPT, but with a malicious bent: Meet WormGPT, a chatbot designed to assist cybercriminals.  WormGPT’s developer is selling access to the program in a popular hacking forum, according to email security provider SlashNext, which tried the chatbot.  “We see that malicious actors are now creating their own custom modules similar to ChatGPT, but easier to use for nefarious purposes,” the company said in a blog post.  

WormGPT (Credit: Hacking forum)

It look

A vulnerability has been discovered in Adobe ColdFusion which could allow for arbitrary code execution.  Adobe ColdFusion is a commercial web-application development platform designed to build and deploy web applications.  Successful exploitation of this vulnerabilities could allow for arbitrary code execution in the context of the logged on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts w

With his electric Kia EV6 running low on power, an EV driver pulled into a bank of fast-chargers near Terre Haute, Indiana, to plug in.  As his car powered up, he peeked at nearby chargers.  One in particular stood out.  Instead of the businesslike welcome screen displayed on the other Electrify America units, this one featured a picture of President Biden pointing his finger, with an “I did that!” caption.  It was the same meme the president’s critics started slapping on gas pumps as prices soa

With half of 2023 over, ransomware gangs have operated at a near-record profit, extorting more than $449 million from victims, according to blockchain research firm Chainalysis.  The figure likely pales in comparison to the actual totals because the research only looks at cryptocurrency wallets being monitored by the firm.  If the trends continue, ransomware groups are on pace to bring in nearly $900 million in 2023, only $40 million behind the peak of $939.9 million seen in 2021.

Chainalysis re

Since 2015, the PRC has passed or updated comprehensive national security, cybersecurity, and data privacy laws and regulations, expanding Beijing’s oversight of domestic and foreign (including US) companies operating within China.  Beijing views inadequate government control of information within China and its outbound flow as a national security risk.  These laws provide the PRC government with expanded legal grounds for accessing and controlling data held by US firms in China.  US companies a

As part of a recently identified cyber operation, the cybersecurity investigators report that a Russia-linked threat actor known as RomCom has been targeting entities supporting Ukraine, including guests at the 2023 NATO Summit taking place July 11-12.  The event takes place in Vilnius, Lithuania.  The NATO Summit has on the agenda talks focusing on the war in Ukraine and new memberships in the organization, including Sweden and Ukraine.

RomCom attackers are spoofing trusted software solutions t

The co-founder and CEO of Binance, Changpeng Zhao, the world's largest centralized cryptocurrency exchange by trading volume, cleared the FUD (fear, uncertainty, doubt) making rounds online that the crypto empire is dumping Bitcoin to artificially bolster and stabilize the price of its native token Binance Coin (BNB).

Even before the US Securities and Exchange Commission filed 13 charges against Binance.US, Zhao, and other associated businesses, the crypto empire had been the subject of many spe

British prosecutors say teen Lapsus$ member was behind hacks on Uber, Rockstar.  Earlier this week a British Crown Court lifted a reporting restriction, allowing the naming of a teenager who is accused of hacking Uber, Revolut, and video game developer Rockstar Games in a short period of time last September.  The teen, who is now 18, has been deemed not fit to stand trial by medical professionals.  The jury will decide whether he is liable for the hacking incidents rather than guilty of them.[1]

In mid-May 2023, TA453 - also known publicly as Charming Kitten, APT42, Mint Sandstorm, Yellow Garuda - sent a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs.  The email solicited feedback on a project called “Iran in the Global Security Context” and requested permission to send a draft for review.  The initial email also mentione

ZooTampa revealed it recently discovered a “cybersecurity incident” targeting its network environment.  The zoo told local media it took immediate proactive security measures to mitigate the impact.  “Upon detecting the incident, the Zoo took swift action and promptly engaged third-party forensic specialists to assist us with securing the network environment and investigate the extent of the unauthorized activity,” the zoo said in a statement.[1]

ZooTampa said it is also working with federal law