All Articles (2444)

In the cryptocurrency ecosystem, coins have a story, tracked in the unchangeable blockchains underpinning their economy.  The only exception, in some sense, is a cryptocurrency freshly generated by its owner's computational power.  Unsurprisingly, Kim Jong-Un’s North Korean hackers have begun adopting a new trick to launder the coins they steal from victims worldwide: using their dirty, stolen coins in services that allow them to mine innocent new ones.

Recently, cybersecurity investigators pub

The purpose of this report is to detail the artifacts left by a third-party remote access tool during its setup and use. A third-party remote access tool allows people not physically in contact with a device to control it, interact with it, and see its screen.  Tools that do not allow visual interaction, such as PsExec, are not included in this study.

The motivation to do this study came from a tweet made by @IcsNick, listing "Remote Admin Tools that are abused by threat actors".[1]  Indeed, threat ac

Tasmania's Tafe system, the state's Teachers Registration Board and the office of the Commissioner for Children and Young People have been caught up in a recent Tasmanian government data breach, but a security expert says reporting about the hack needs to be measured.

On 7 April, the Tasmanian government said 16,000 documents had been released online after hackers accessed data from the Department of Education, Children and Young People through the third-party file transfer service GoAnywhere MFT. 

TikTok and its parent company ByteDance will continue to safeguard US user data from China, Erich Andersen, general counsel for TikTok, has confirmed.  ByteDance is developing technologies “to make it physically impossible for any government, including the Chinese government, to access US user data.”  Andersen made the claims in an interview with The Associated Press (AP) on 31 March 2023.

See:  https://redskyalliance.org/xindustry/tiktok-and-bytedance-the-problem-of-chinese-social-media-in-the-u

Our friends at Sentinel Labs have provided a great report on Operation Soft Cell.

Summary

  • In Q1 of 2023, Sentinel Labs observed the initial phases of attacks against telecommunication providers in the Middle East.
  • We assess that this activity represents an evolution of tooling associated with Operation Soft Cell.
  • While it is highly likely that the threat actor is a Chinese cyberespionage group in the nexus of Gallium and APT41, the exact grouping remains unclear.
  • Sentinel Labs observed a well-m

Attackers have been abusing legitimate YouTube attribution links and a Cloudflare CAPTCHA to evade detection.  Cybersecurity company Vade said the use of YouTube attribution links was a new tactic for bypassing email filters scanning for suspicious redirects.

In a newly discovered phishing campaign, victims receive a spoofed email saying their Microsoft 365 password has expired. The email is personalized and contextualized to create an illusion of legitimacy.  Vade researchers noted that the ema

Healthcare companies are using electronic records and tapping digital services more than ever.  That is also creating more opportunities for cybercriminals, who already have exposed the private medical information of millions of patients, and bolsters the case for the industry to make security priority No. 1, experts say.  Healthcare breaches have exposed 385 million patient records from 2010 to 2022, federal records show, though individual patient records could be counted multiple times.

Hacking

A recently identified dark web portal is offering illegal services related to financial fraud, identity theft, and money laundering.  Named the Styx Marketplace, the portal offers data dumps, cash-out services, fake and stolen IDs, SIM cards, multi-factor authentication bypass solutions, banking malware, and other types of illegal services.  Initially mentioned on the dark web in early 2022, the marketplace opened in January 2023, following an escrow module for brokering transactions between cyb

In the era of cyber wars, AI, and drones, wars are still being fought with 20th-century weapons that require massive amounts of ammunition.  Russia is sending a delegation to North Korea to offer food in exchange for weapons, according to a US national security spokesman.  He said any arms deal between North Korea and Russia would violate UN Security Council resolutions.  The US has previously accused North Korea of supplying arms to the Russian military in Ukraine and the Wagner group of Russian mercenaries.

Specifically, water controllers for irrigating fields in Israel’s Jordan Valley were damaged, as were control systems for the Galil Sewage Corporation.  Hackers are shutting down the water for both irrigation and sewage control systems.  The management for both major systems was scurrying all day on 9 April morning to work through the issue and bring these vital systems back into full operation.  The specific source of the cyber-attack is currently unknown.

Cyber-attack warnings - Farmers in thi

An inconspicuous office is in Moscow’s north-eastern suburbs.  A sign reads: “Business Centre.”  Nearby are modern residential blocks and a rambling old cemetery, home to ivy-covered war memorials.  The area is where Peter the Great once trained his mighty army.  Inside the six-story building, a new generation is helping Russian military operations.  Its weapons are more advanced than those of Peter the Great’s era, not pikes and halberds, but hacking and disinformation tools.[1]

The software en

When investigating any crime, finding the motive, or the reason an individual committed the crime, is essential to finding the suspect.  There are many reasons, or motives, for criminal activity: greed, envy, need, mental illness or revenge are common motivations.  So, who killed Bob Lee in San Francisco?

Tech entrepreneur Bob Lee left San Francisco in October amid concerns over public safety and then returned on business and found himself pleading for help in a 911 call after sustaini

It is one of China’s most popular shopping apps, selling clothing, groceries and just about everything else under the sun to more than 750 million users a month.  But according to cybersecurity researchers, it can also bypass users’ cell phone security to monitor activities on other apps, check notifications, read private messages and change settings.  And once installed, it’s tough to remove.

While many apps collect vast troves of user data, sometimes without explicit consent, experts say e-com

Besides politics, artificial intelligence is all over the news today. Generative AI chatbots like ChatGPT can summarize scientific articles for you, debug your faulty code, and write Microsoft Excel formulas at your command.  But have you considered how many jobs AI can replace?  Goldman Sachs thinks something like 300 million.

See: https://redskyalliance.org/xindustry/the-future-is-here

According to the investment bank, about 300 million jobs could be lost to AI, signaling that the technology c

Manufacturing is the most targeted sector by cyberattacks, as reported by the World Economic Forum (WEF).[1]  The heavy digitalization of the manufacturing sector is yielding increased growth, efficiency and profitability.  This boost, however, has also exposed the sector to malicious actors looking to exploit vulnerabilities through sophisticated approaches.

For the second year running, manufacturing has been the most targeted sector by cyberattacks. Throughout 2022 alone, ransomware attacks on

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution.  Google Chrome is a web browser used to access the internet.  Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full us

By monitoring an open-source ecosystem, the FortiGuard Labs team recently discovered over 60 zero-day attacks embedded in PyPI packages (Python Package Index) between early February and mid-March of 2023.  In this report[1], analysts cover all the packages found, grouping them into similar attacks or behaviors.

The packages in this set were found to be similar:

  • py-hydraurlstudy (version 2.37)
  • tptoolpywgui (version 10.56)
  • libgetrandram (version 7.78)
  • esqultraultrapong (version 7.37)
  • esqhacke

Ports in Europe are preparing for a major regulatory change next year in how the hundreds of companies in their global supply chains address cybersecurity as ports have become a target for criminal hacker groups and state-sponsored attacks.
Cybersecurity rules approved by the European Union (EU) for pharmaceuticals, transportation, energy and other critical infrastructure companies are set to take effect in 2024 and will require hundreds of firms that operate out of Europe’s big ports to use ba

The Homeland Security Information Network (HSIN) is the Department of Homeland Security’s official system for trusted sharing of Sensitive But Unclassified (SBU) information between federal, state, local, tribal, territorial, international, and private sector partners.  HSIN users rely on the platform to access mission-critical data, send requests securely between agencies, manage operations, coordinate planned event safety and security, respond to incidents, and share the information they need

Big-data analytics firm Databricks Inc. has emerged as an unlikely player in the generative artificial intelligence space. Databricks is open-sourcing a new AI model that it claims is “as magical as ChatGPT,” despite being trained on far less data in less than three hours using a single machine.

Databricks announced in a blog post today that it’s making what it calls ‘Dolly’ available for anyone to use, for any purpose, as an open-source model, together with all its training code and instruction