All Articles (2531)

Recently, executives from SentinelOne, Protect AI and IBM Consulting provided lawmakers on the cybersecurity and infrastructure protection subcommittee with a laundry list of recommendations to better combat AI threats.  Attacks by malicious hackers using artificial intelligence could swamp smaller companies that are already overwhelmed by cybercrime, experts warned lawmakers during a congressional hearing on 26 December 2023.[1]

Testifying before the House Homeland Security and Governmental Aff

The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in numerous global geographical areas of interest for information-gathering activity.

The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security

China-linked hackers continue to target Barracuda Email Security Gateway (ESG) https://www.barracuda.com appliances, with recent attacks involving exploitation of a new zero-day vulnerability.  It was reported in May 2023 that a Barracuda ESG zero-day tracked as CVE-2023-2868 had been exploited since at least October 2022 to deliver malware and steal data from a limited number of organizations that had been using the email security product.  In June 2023, researchers attributed the attacks with

Standing at 6 feet 2 inches (188 centimeters) tall and weighing 300 pounds (136 kilograms), NASA's humanoid robot Valkyrie is an imposing figure.  Valkyrie, named after a female figure in Norse mythology and being tested at the Johnson Space Center in Houston, Texas, is designed to operate in "degraded or damaged human-engineered environments," like areas hit by natural disasters, according to NASA.  Robots like her could also one day operate in space.[1]

A humanoid robot resembles a person, typ

The mass outage of Ukrainian mobile and internet provider Kyivstar on December 12 last year has now been attributed to the Russian state-sponsored Sandworm group by Ukraine’s Security Service (SBU).  The attack resulted in a total outage of the networks provided by Kyivstar, which included several early-warning attack systems and caused a surge in traffic on other network providers in Ukraine as people sought alternative means of connectivity.  It has now been determined that the group were ling

The US military’s secretive X-37B robot spaceplane has blasted off from Florida on its seventh mission, the first launched atop a SpaceX Falcon Heavy rocket capable of delivering it to a higher orbit than ever before.  As on previous missions, there are no humans on board the reusable plane, which resembles a mini space shuttle and carries classified experiments.  The Falcon Heavy, composed of three rocket cores strapped together, took off from NASA’s Kennedy Space Center at Cape Canaveral more

The banking malware known as Carbanak has been observed in use in ransomware attacks with updated tactics.  The malware has adapted to incorporate attack vectors and techniques to diversify its effectiveness.  Carbanak returned in November 2023 through new distribution chains and has been distributed through compromised websites to impersonate various business-related software.

See:  https://redskyalliance.org/Finance/never-take-malware-from-strangers

Some impersonated tools include popular

Nation-state cyber threat actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines.  The South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky.  "A notable point about attacks that use AppleSeed is that similar methods of attack have been used for many years with no si

A Tesla software engineer suffered severe injuries when he was attacked by a malfunctioning robot on the floor of the electric car maker’s factory in Austin, Texas.  Witnesses said that the robot, which was designed to move aluminum car parts, pinned the engineer and sank its metal claws into his back and arm, leaving a trail of blood along the floor.  The engineer was programming software that controls robots to cut car parts from freshly cast aluminum pieces.

While two of the robots were disab

Cybersecurity researchers at Deep Instinct Lab have revealed a new series of cyberattacks by ‘UAC-0099,’ specifically targeting Ukrainians.  These attacks employ common tactics, such as using fabricated court summons to entice targets into executing malicious files.

The group’s activities were initially revealed in May 2023 through the Ukrainian CERT advisory ‘#6710,’ and Deep Instinct has now provided exclusive insights into their latest attack.

According to a blog post from the company, on Dec

A Microsoft representative announced on 28 December 2023 that it is again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware.  "The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution," the Microsoft Threat Intelligence team said.  It further noted that several cybercriminals are offering a malwar

Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.  These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique.  A prominent contributor to this troubling trend is a notorious phishing group called Angel Drainer, which advertises a "Scam-as-a-Service" offe

Mortgage servicing firm LoanCare https://myloancare.com has started informing more than 1.3 million individuals of a data breach impacting their personal information.  A subsidiary of Fidelity National Financial (FNF), LoanCare provides loan sub-servicing for mortgage loaners, including banks, credit unions, and mortgage firms.  The data breach resulted from a cyberattack on FNF’s internal systems, LoanCare says in a notification letter sent to the impacted individuals, a copy of which was submi

A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms.  This malware is a loader with three types of components: a downloader that downloads an encrypted payload, a loader that runs the payload from internal resources, and another loader that runs the payload from an external file on the disk.  Telemetry data gathered by investigators shows that detections

The malware loader PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk.  PikaBot was previously only distributed via malspam campaigns, similar to QakBot, and emerged as one of the preferred payloads for a threat actor known as TA577.  The malware family, which first appeared in early 2023, consists of a loader and a core module that allows it to operate as a backdoor and a distributor for other payloads.

See:  https://re

A look back - All has not been quiet on the malicious cybersecurity front over the past 12 months.  Innovation, cyberattacks and cyberespionage, and data breaches, malicious or inadvertent, have remained a constant.  At the same time, defenders have scored notable victories, including in Ukraine as well as by disrupting some big-name ransomware players.[1]  GovInfoSecurity provides 12 notable incidents and trends of 2023 and their implications for the bigger cybersecurity picture:

Clop's MOVEit

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language.  Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation.  Nim-based malware has been a rarity in the threat landscape, although that has been slowly changing in recent years as attackers continue to either develop custom tools from scra

Microsoft representatives have warned that adversaries use OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks.  "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an analysis.  The misuse of OAuth also enables threat actors to maintain access to applications even if the

Cybersecurity researchers have identified 116 malicious packages on the Python Package Index (PyPI) repository designed to infect Windows and Linux systems with a custom backdoor. Sometimes, the final payload is a variant of the infamous W4SP Stealer, a simple clipboard monitor to steal cryptocurrency, or both, noted investigators.

The packages are estimated to have been downloaded over 10,000 times since May 2023.  The threat actors behind the activity have been observed using three techniques

BlackCat/ALPHV ransomware leaders claim they have restarted operations on the group's primary blog, despite the Department of Justice claim that it gained control of the site. Further, in retaliation for the law enforcement actions against the gang, they announced they have dropped a previous ban on cyberattacks against critical infrastructure.  BlackCat also claimed that, beyond "Unseizing" the sites, the decryption key being offered by the FBI is outdated and from an older blog, according to a