All Articles (2242)


US payments company NCR Corporation (https://www.ncr.com) confirmed on 15 April 2023 that a data center outage resulted from a ransomware attack. A well-known ransomware group has taken credit for the attack. NCR first reported investigating an “issue” related to its Aloha restaurant Point-of-Sale (PoS) product on 12 April 2023. The company said a limited number of ancillary Aloha applications for a subset of its hospitality customers had been impacted by an outage at a single data center. “O

Researchers have recently revealed that a hacking device can allow thieves to steal a wide range of car models using an attack method named Controller Area Network (CAN) injection. Automotive cybersecurity experts at the EDAG Group and Canis Automotive Labs started analyzing these attacks after one of the researchers had his 2021 Toyota RAV4 stolen last year. The car was stolen on two occasions. He found that someone had pulled apart his headlight and unplugged the cables. What init

A veteran cybercriminal has revealed what is really on the dark web, where hackers, hitmen and drug dealers run wild.

The source, who has spoken anonymously, explained how hackers use ransomware to steal data for large payouts or 'to just see the world burn' and explained that any system connected to the web is at risk of an attack.[1]

'I've watched hospitals get encrypted and people are left with a choice: do I pay to decrypt the data or do I risk lives?' the man said while donning a mask to c

The Iranian nation-state group known as MuddyWater has been observed directing destructive attacks on hybrid environments under the guise of a ransomware operation. The name is not to be confused with McKinley Morganfield (April 4, 1913 – April 30, 1983), known professionally as Muddy Waters, who was an American blues singer and musician. Iran could be singing the blues if it keeps this up.

According to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor ta

April 18th was Tax Day in the US. Did you file your taxes? If not, you can always get an extension. Either way, taxpayers in the US need to heed the warning from Microsoft security investigators. Microsoft is warning of a new Remcos Remote Access Trojan (RAT) campaign targeting accounting and tax return preparation firms in the US. Tax season in the US has long represented an opportunity for cybercriminals to target unsuspecting victims in various types of malicious attacks, including malw

Red Sky Alliance queries our backend databases monthly, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated
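The subject-line lure described above is easy to turn into a mail-gateway or SIEM triage rule. The following is an added example, not Red Sky Alliance's own tooling: it scans a list of subject lines for the MV/MT prefix (including the M/V and M/T spellings), extracts the capitalised vessel name that follows, and counts how often each impersonated vessel appears. The subject lines and vessel names in the sample are constructed for the example and do not come from the monthly list.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "MV"/"MT" (also "M/V", "M/T", "MV.") followed by whitespace, and not glued to a
# preceding word such as "STMT" or "SUMMIT".
PREFIX_RE = re.compile(r"(?<![A-Za-z0-9])M\s*/?\s*([VT])\.?\s+", re.IGNORECASE)
# Vessel names in these lures are written in capitals; a token in any other case ends the name.
NAME_TOKEN_RE = re.compile(r"^[A-Z0-9][A-Z0-9'\-]*$")


@dataclass
class Lure:
    subject: str
    vessel_type: str            # "MV" or "MT"
    vessel_name: Optional[str]  # None when no capitalised name follows the prefix


def find_vessel_lure(subject: str) -> Optional[Lure]:
    """Return a Lure if the subject carries an MV/MT vessel prefix, else None."""
    m = PREFIX_RE.search(subject)
    if not m:
        return None
    tokens: List[str] = []
    for tok in subject[m.end():].split():
        core = tok.rstrip(".:,;")
        if not core or not NAME_TOKEN_RE.match(core):
            break                       # separator or lowercase word: name is over
        tokens.append(core)
        if core != tok:                 # trailing punctuation closed the name
            break
    return Lure(subject, "M" + m.group(1).upper(), " ".join(tokens) or None)


def scan_subjects(subjects: List[str]) -> List[Lure]:
    """Keep only the subjects that match the vessel lure pattern."""
    return [lure for lure in map(find_vessel_lure, subjects) if lure]


def impersonation_counts(lures: List[Lure]) -> Dict[Tuple[str, Optional[str]], int]:
    """How many times each (type, name) pair was impersonated in the batch."""
    return Counter((lure.vessel_type, lure.vessel_name) for lure in lures)


# Constructed sample subjects for the example (not observed mail).
SAMPLE_SUBJECTS = [
    "MV EXAMPLE STAR - Vessel Particulars and Crew List",
    "RE: MT CARGO SAMPLE // Port Agency Appointment",
    "Quarterly shipping newsletter",
    "FW: M/V EXAMPLE STAR: Updated Stowage Plan (see attached)",
    "Mv Harbor Test: Updated Itinerary",
    "Remittance advice from accounts payable",
]

if __name__ == "__main__":
    found = scan_subjects(SAMPLE_SUBJECTS)
    for lure in found:
        print(f"{lure.vessel_type} {lure.vessel_name!s:14} <- {lure.subject}")
    for (vtype, name), n in impersonation_counts(found).most_common():
        print(f"{n}x {vtype} {name}")
```

The prefix alone is the trigger, so a subject such as "Mv Harbor Test" is still flagged even though no capitalised name is recovered; treat a hit as a triage signal to be combined with attachment type and sender reputation, not as a verdict, since "MT" also appears in ordinary mail (for example as a US state abbreviation).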

Millions of consumers are now being urged to check their devices quickly after security experts found a new threat targeting Android phones. The team at McAfee Mobile Security discovered the most recent attack, which can infect well-known applications with a malicious software library and start carrying out tasks without the smartphone owner's authorization.[1]

Cyber criminals can use a contaminated app to view Wi-Fi history, Bluetooth devices connected to a phone, apps used, and even nearby GP

The Polish government warns that a cyberespionage group linked to Russia's intelligence services targets diplomatic and foreign ministries from NATO and EU member states in an ongoing campaign that uses previously undocumented malware payloads. The group, known in the security industry as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia's Foreign Intelligence Service (SVR) and is the group behind the 2020 supply chain attack against software company SolarWinds that led to the co

No charging station is safe, as the FBI is warning travelers looking to charge their devices in airports, hotels, and coffee shops that "Juice Jacking" is a thing: bad actors are using public chargers and even free cables and charging plugs to infect phones and other devices with malware.[1]

According to an FBI "Scams and Safety" brief, which also discusses system and data protection and protecting financial information:

  • Be careful when connecting to a public Wi-Fi network, and do not conduct sen

The US military forces used to actively recruit candidates who were avid gamers, due to their expertise in on-line problem solving and keyboard skills. Now, on-line gaming forums have become a particular worry of the military because of their lure for young service members. In many US military base recreation halls you will see it: young troops immersed in the world of online games, using government-funded gaming machines or their own consoles.[1]

The enthusiasm military personnel have for gam

In early February 2022, Microsoft announced that macros in Office files obtained from the Internet would be blocked by default to improve the security of Microsoft Office. According to the company's blog post published in late February 2023, this change began rolling out in some update channels in April 2022. Other channels followed in July and October 2022, with the final rollout in January 2023.[1]

Office uses a specific algorithm to determine whether to run macros in files from the Internet.  The process starts by checking the file attribu
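The file attribute that starts that decision is the Mark of the Web: on NTFS, a file saved from a browser or mail client carries a `Zone.Identifier` alternate data stream whose `ZoneId` records the Windows URL security zone it came from. The block below is an added example, not Microsoft's code or the algorithm from the blog post: it parses the stream text, returns the zone, and reports whether the file is marked as coming from the Internet or Restricted zone (zone ids 3 and 4), which this example assumes is the condition under which the default macro block applies. The two sample stream contents and the example.com URLs in them are constructed.

```python
import configparser
from typing import Optional

# Windows URL security zone ids as stored in the Zone.Identifier stream.
ZONE_LOCAL_MACHINE, ZONE_INTRANET, ZONE_TRUSTED, ZONE_INTERNET, ZONE_RESTRICTED = range(5)


def parse_zone_id(stream_text: str) -> Optional[int]:
    """Return the ZoneId from the text of a Zone.Identifier stream, or None.

    The stream is a small INI fragment:
        [ZoneTransfer]
        ZoneId=3
        ReferrerUrl=...
        HostUrl=...
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))   # tolerate a UTF-8 BOM
    except configparser.Error:
        return None
    raw = parser.get("ZoneTransfer", "ZoneId", fallback=None)
    if raw is None:
        return None
    try:
        return int(raw.strip())
    except ValueError:
        return None


def is_marked_from_internet(stream_text: Optional[str]) -> bool:
    """True when the file carries a Mark of the Web for the Internet (3) or
    Restricted (4) zone. Assumption of this example: those are the zones for
    which Office's default macro block applies."""
    if stream_text is None:
        return False
    zone = parse_zone_id(stream_text)
    return zone is not None and zone >= ZONE_INTERNET


def read_zone_identifier(path: str) -> Optional[str]:
    """Read a file's Zone.Identifier alternate data stream on NTFS.
    Returns None when the file or stream does not exist (which is also what a
    non-Windows host sees, since the ':stream' suffix is just a bad path there)."""
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None


# Constructed stream contents for the example (placeholder URLs, not real samples).
SAMPLE_INTERNET = ("[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://example.com/\r\n"
                   "HostUrl=https://example.com/invoice.docm\r\n")
SAMPLE_INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        stream = read_zone_identifier(path)
        zone = parse_zone_id(stream) if stream is not None else None
        print(f"{path}: zone={zone} internet-marked={is_marked_from_internet(stream)}")
    print("sample internet:", is_marked_from_internet(SAMPLE_INTERNET))
    print("sample intranet:", is_marked_from_internet(SAMPLE_INTRANET))
```

The absence of the stream is not evidence that a document is safe: the mark is only kept on NTFS volumes and is not applied to files extracted from some container formats, which is exactly why macro lures began arriving inside ISO and similar wrappers once the default block shipped. A missing stream should therefore be treated as "unknown origin", not "local".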

On 07 April 2023 the US Cybersecurity and Infrastructure Security Agency (CISA) added five security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. These include three high-severity flaws in the Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) that could lead to the execution of privileged commands on the underlying system. The flaws were fixed in a patch released by Veritas in March 2021.

Cloudflare has recently released its Q1 DDoS threat report [5]. This is a good point for a discussion of DDoS attacks and some of the newer techniques involved in them. First, we'll get a refresher on what DDoS attacks are, how they manifest, how things look when a service is being attacked, and how they can be detected. From there, we'll go into the typical mechanics of how a DDoS attack takes place and what sort of techniques and methods tend to be involved. Th
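As an added illustration of the detection question raised above (this is example code written for this page, not anything from the Cloudflare report), the following sliding-window detector reads web-server access log lines in Common Log Format and keeps two counters over the last ten seconds: requests per client address and requests in total. A single noisy host trips the per-source threshold; a distributed flood in which every bot sends only a couple of requests never does, and is caught only by the aggregate counter. The log lines, addresses, timestamps and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Optional, Tuple

# Common Log Format as written by Apache/nginx with their default access-log format.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

Event = Tuple[datetime, str, str, int]   # (timestamp, client ip, request line, status)
Alert = Tuple[datetime, str, str, int]   # (timestamp, kind, subject, requests in window)


def parse_clf(line: str) -> Optional[Event]:
    """Parse one CLF line; returns None for lines that do not match the format."""
    m = CLF_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group("ip"), m.group("req"), int(m.group("status"))


def detect_floods(lines: List[str], window_seconds: int = 10,
                  per_source_limit: int = 50, total_limit: int = 400) -> List[Alert]:
    """Sliding-window request-rate detector.

    Emits one 'source-flood' alert per client whose requests inside the window
    exceed per_source_limit, and one 'aggregate-flood' alert when the total
    number of requests in the window exceeds total_limit regardless of source.
    The aggregate check is what catches a distributed flood whose individual
    clients each stay below the per-source threshold.
    """
    events = sorted((e for e in map(parse_clf, lines) if e), key=lambda e: e[0])
    window = timedelta(seconds=window_seconds)
    per_source: Dict[str, Deque[datetime]] = defaultdict(deque)
    total: Deque[datetime] = deque()
    raised = set()
    alerts: List[Alert] = []
    for ts, ip, _req, _status in events:
        for q in (total, per_source[ip]):
            q.append(ts)
            while ts - q[0] > window:            # drop requests older than the window
                q.popleft()
        if len(per_source[ip]) > per_source_limit and ("source", ip) not in raised:
            raised.add(("source", ip))
            alerts.append((ts, "source-flood", ip, len(per_source[ip])))
        if len(total) > total_limit and ("aggregate", "*") not in raised:
            raised.add(("aggregate", "*"))
            alerts.append((ts, "aggregate-flood", "*", len(total)))
    return alerts


def make_sample_log() -> List[str]:
    """Constructed CLF lines (not real traffic): steady background clients,
    then one host flooding /login, then 250 hosts each sending two requests."""
    base = datetime(2023, 4, 10, 12, 0, 0, tzinfo=timezone.utc)

    def clf(ip: str, second: int, path: str = "/") -> str:
        t = (base + timedelta(seconds=second)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{t}] "GET {path} HTTP/1.1" 200 512'

    lines: List[str] = []
    for s in range(60):                          # 5 clients, 1 request/s each
        lines.extend(clf(f"198.51.100.{10 + i}", s) for i in range(5))
    for s in range(20, 30):                      # one host, 30 requests/s for 10 s
        lines.extend(clf("203.0.113.66", s, "/login") for _ in range(30))
    for s in (40, 41):                           # 250 hosts, one request each per second
        lines.extend(clf(f"192.0.2.{i}", s, "/search?q=x") for i in range(250))
    return lines


if __name__ == "__main__":
    for ts, kind, subject, count in detect_floods(make_sample_log()):
        print(f"{ts.isoformat()} {kind:16} {subject:14} {count} requests in {10}s window")
```

Run as-is, the single-source flood is reported at 12:00:21 and the distributed burst at 12:00:41; the 250 bot addresses never appear in a source alert because each sent only two requests. In production the thresholds come from a baseline of the service's normal traffic, and the same two-level structure applies at the packet level (SYN or UDP rate per source and in aggregate) where the request line is not available.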

Researchers at SentinelLabs have been monitoring a cluster of malicious Office documents that stage Crimson RAT, distributed by APT36 (Transparent Tribe) and targeting the education sector. Analysts have assessed that this activity is part of the group's previously reported targeting of the education sector in the Indian subcontinent. The researchers observed APT36 introducing OLE embedding to the techniques it typically uses for staging malware from lure documents and versioned c

As with other sports worldwide, current National Basketball Association (NBA) scheduling depends on technology and IT services, highlighting their critical role in the sports industry. With so much data at their disposal, sports organizations have the power to make informed decisions and improve performance. However, this also makes them a lucrative target for cybercriminals, who are increasingly targeting the sector.

So, why do sports organizations get hacked? With cyber-attacks occurring daily an

Kaspersky has identified a new trend in phishing techniques, with threat actors increasingly utilizing Telegram to automate their activities and provide various services. In a recent advisory, one of Kaspersky's web content analysts revealed that phishers create Telegram channels to educate their audience about phishing and share links to these channels via YouTube, GitHub, and phishing kits. Many channels offer tools to automate malicious workflows, such as generating phishing pages or

This year millions of people have tried and been wowed by artificial-intelligence systems. That is in no small part thanks to OpenAI's chatbot ChatGPT. When it launched last year, the chatbot became an instant hit among students, many of whom embraced it as a tool to write essays and finish homework. Some media outlets went as far as to declare that the college essay is dead. Alarmed by an influx of AI-generated essays, schools around the world moved swiftly to ban the use of the technology.

It is tax time again in the US. And that means scammers are out there trying to steal your information. Targeting calendar-based events enables threat actors to prepare ahead of time and have a new selection of targets on rotation. This report covers a few examples of malware that take advantage of tax season. Although such attacks may seem repetitive to the casual observer, threat actors would not continue to target taxpayers if previous attacks had not been successful. And they were.[1]


In the cryptocurrency ecosystem, coins have a story, tracked in the unchangeable blockchains underpinning their economy. The only exception, in some sense, is a cryptocurrency freshly generated by its owner's computational power. Unsurprisingly, Kim Jong-Un's North Korean hackers have begun adopting a new trick to launder the coins they steal from victims worldwide: using their dirty, stolen coins in services that allow them to mine innocent new ones.

Recently, cybersecurity investigators pub

The purpose of this report is to detail the artifacts left by a third-party remote access tool during its setup and use. A third-party remote access tool allows people not physically in contact with a device to control it, interact with it, and see its screen. Tools that do not allow visual interaction, such as PsExec, are not included in this study.

The motivation for this study came from a tweet by @IcsNick listing "Remote Admin Tools that are abused by threat actors".[1] Indeed, threat ac