All Articles (2242)

On 12 January, Canadian alcohol retail giant LCBO announced that an “unauthorized party embedded malicious code” onto its website in order to steal information from customers in the process of checking out.  Over five days in January, they wrote, customers “may have had their information compromised.”  In fact, the infection was one of several to target LCBO customers in the last month, including an attack that lasted for more than a week that the company has not publicly acknowledged.

Researche

Currently, the primary target of the new Roaming Mantis malware is users in South Korea, but Kaspersky cybersecurity researchers suspect its scope will be expanded soon.  According to a report from Kaspersky Labs, the infamous Roaming Mantis attack campaign, aka Shaoye, has resurfaced with a brand-new scheme.  As previously reported by Hackread.com, Roaming Mantis operators use DNS changer functionality to abuse compromised public WiFi routers.[1]

The objective is to infect a large number of Andr

A Swiss hacker says she found a copy of the FBI's "no-fly" list on an unsecured server.  The 2019 list, with over 1.5 million entries, includes an overwhelming number of Muslim passengers.  The server, maintained by CommuteAir, also held private employee data, such as passport numbers.  The FBI Terrorism Screening Center's secret "no-fly" list just got a lot less mysterious thanks to a bored Swiss hacker who was exploring unsecured servers in her free time.

Crimew, described by the US Department

Cyberattacks in the US have significantly increased over the past year, with the healthcare system and other critical sectors being attacked as the threat of malware like ransomware and foreign spyware continues to evolve.  During 2022, US government officials and lawmakers renewed their focus on cyber security and sought to secure the country’s critical sectors from rising cyber threats. This issue will increase in 2023, as many of those threats are still escalating while the cyber sector is c

Dandy Technology is committed to saving your lawn and back from weeds.  The new Dandy DT-01 and Dandy DT-01XL are lawn care robots designed for residential customers with up to one acre of coverage area, especially those looking to limit herbicide use.  This robot automatically solves two top gardening problems: removing weeds and reducing the amount of harmful chemicals used at home.

The Dandy DT-01 uses AI and visual processing technology to distinguish up to 95% of common broadleaf weeds from

In the last few years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the Internet's most severe security crisis.  Now, the US Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new security warning.

Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and d

According to trusted government sources, there is an increasing focus on US Cyber Command (CYBERCOM) to try and replicate the ability of the US Special Operations Command (SOCOM), the unified combatant command with the mission of overseeing the elements of the special operations in the US Armed Services to bring capabilities directly into the battlespace.  At a recent meeting, the chief of CYBERCOM is quoted as saying that the command is “trying to build our authorities much in the same way Speci

A top US intelligence official on 12 January 2023 urged Congress to renew sweeping powers granted to American spy agencies to surveil and examine communications, saying they were critical to stopping terrorism, cyberattacks and other threats.  The remarks by an Army General, director of the National Security Agency, opened what’s expected to be a contentious debate over provisions of the Foreign Intelligence Surveillance Act that expire at year’s end.  The bipartisan consensus in favor of expan

The Russian invasion of Ukraine in early 2022 appears to have led to a double-digit decrease in stolen payment card records published to the dark web, according to researchers.

In a recent report, investigators analyzed detailed threat intelligence gleaned from the cybercrime underground.  It reported a 24% year-on-year decrease in the volume of card-not-present records on dark web carding shops in 2022 to 45.6 million and a 62% slump in card-present records, to 13.8 million.

The US Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec.  The most critical of the issues were identified in Siemens SINEC INS and could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9) and command injection (CVE-2022-2068, CVSS score: 9.8).  Also patched by Siemens is an authentication byp

The Japanese auto company Nissan has sent out breach notification letters to thousands of customers to inform them of a leak of personally identifiable information (PII) through a third-party vendor.  The car company said it was notified on 21 June 2022 that names, dates of birth, and account numbers for Nissan Motor Acceptance Corporation, an indirect lender that helps people finance or lease Nissan vehicles, were exposed after it provided the customer information to an unnamed third party “for software testi

US President Biden signed the Quantum Computing Cybersecurity Preparedness Act into law on 21 December 2022.  The law is designed to secure the federal government systems and data against the threat of quantum-enabled data breaches ahead of ‘Q Day,’ the point at which quantum computers can break existing cryptographic algorithms.  Experts believe quantum computing will advance to this stage in the next five to 10 years, potentially leaving all digital information vulnerable to cyber-threat actor

Yesterday, the US Transportation Secretary said on a national news media outlet that the federal government is not prepared to rule out the possibility that a cyber-attack was behind the recent shutdown of the FAA's air traffic safety alert computer system on Wednesday morning.

A week ago, the US Federal Aviation Administration (FAA) discovered there was a “bug” in the NOTAM warning system on the night of 10 January and attempted a full reboot to fix the problem.  The reboot did not work.  The

The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI packages (Python Package Index) called ‘colorslib’, ‘httpslib’, and ‘libhttps’.  These were found on 10 January 2023, by monitoring an open-source ecosystem.  The Python packages ‘colorslib’ and ‘httpslib’ were published on 7 January 2023, and ‘libhttps’ was published on 12 January 2023.  All three were published by the same author, ‘Lolip0p’, as shown in the official PyPI repository.  ‘Lolip0p’ joined the reposito

Multiple government agencies and military bodies in the APAC region have been targeted by what appears to be a new advanced threat actor that uses custom malware.  Researchers refer to this group as Dark Pink (Group-IB) or Saaiwc Group (Anheng Hunting Labs), noting that it employs uncommon tactics, techniques, and procedures (TTP).[1]  The actor used DLL side-loading and event-triggered execution methods to run the payloads on compromised systems using the custom toolkit observed in the attacks.

Each month, Red Sky Alliance queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associa

Cybercriminals are still exploiting an old vulnerability in Intel drivers to gain access to networks in a way that allows them to bypass cyber security protections.  Cyber security researchers have detailed the attacks and suggest the campaign targeting Windows systems is the work of a cyber-criminal group they track as Scattered Spider, also known as Roasted 0ktapus and UNC3944.  Scattered Spider is a financially motivated cybercrime operation, which researchers say takes particular interest in

Third-party administrator of insurance products Bay Bridge Administrators (BBA, https://www.bbadmin.com) is informing roughly 250,000 individuals that their personal information might have been compromised in a September 2022 data breach.  Bay Bridge Administrators is a full-service, nationally recognized, third-party administrator of fully insured employee benefit plans.  Representing top-rated insurance companies, Bay Bridge fills a niche market in the insurance industry by entering into agre

A financially motivated threat actor group tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador.  Cyber threat investigators offer new insights into the Spanish-speaking group's tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the kill chain.

Also tracked under the name APT-C-36, Blind Eagle is notable for its narrow geo

After being in the law enforcement and security profession for over 30 years, I trust very few people.  Maybe it’s just me, but I can be really rude to callers I don’t know calling my cell phone.  I don’t subscribe to being like me, but the barrage of suspicious calls, text messages and emails I currently receive seems to have drastically escalated.  All this harassment amounts to social engineering tactics.  A recent article in Forbes highlights the need to play as a team.

Social engineering attac