All Articles (2242)

Sort by

10812294100?profile=RESIZE_400xThe continued use of threat intelligence to combat nation-state espionage is an important practice for cybersecurity teams.  However, outside of common types of fraud seen on the dark web or closed forums, the same threat intelligence often is not leveraged to combat enterprise fraud.  Prevention is the key to protecting your organization from cyber breaches.  An effective defense uses all of the tools available to keep a breach from occurring in the first place. 

According to Sun-Tzu, a 4th-cen

10812254669?profile=RESIZE_400xThe Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. This new dropper does not rely on Accessibility permissions to automatically install the dropper Sharkbot malware.  This new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.

See:  https://redskyalliance.org/xindustry/don-t-get-bitten-by-sharkbot

The apps in question, Mister Phone

10812238283?profile=RESIZE_400xCyber threats are an all too common danger for companies in all critical infrastructure sectors.  Historically, the threat of cyber-attack was thought to be largest against financial institutions, retail chains, and the medical sector.  However, as manufacturing has become more reliant on data and technology, the threat of cyber-attacks on the industry has grown.  This especially true for critical manfacturing, like aviation and the defense industrial base (DIB), but true for any manfacturing. 

10807500276?profile=RESIZE_400xPalo Alto Networks’ Unit 42 researchers have reported the emergence of a new Mirai botnet variant called MooBot.  This variant is looking for unpatched D-Link devices to create its army of DDoS (distributed denial of service) bots.  For compromising vulnerable D-Link routers, MooBot uses multiple exploits.

Re-Emergence of Notorious MooBot:  The MooBot botnet was first discovered by Qihoo 360’s Netlab in Sep 2019, whereas the most recent wave of attacks involving MooBot, before the one detected b

10807323087?profile=RESIZE_400xActivity Summary - Week Ending on 9 September 2022:

  • Red Sky Alliance identified 22,128 connections from new IP’s checking in with our Sinkholes
  • storeiq[.]eu in Poland hit 24x
  • Analysts identified 2,085 new IP addresses participating in various Botnets
  • Samsung Hack
  • Samsung’ Rebuttal
  • SharkBot
  • 3rd Party Vulnerabilities
  • AI Lessons
  • Eni in Italy
  • US – LA School District Hit

Link to full report: IR-22-252-001_weekly252.pdf

10807583873?profile=RESIZE_400xA malicious campaign mounted by the North Korea-linked Lazarus Group targets energy providers worldwide, including those based in the United States, Canada, and Japan.

The campaign is meant to infiltrate organizations worldwide to establish long-term access and subsequently exfiltrate data of interest to the adversary's nation-state, according to investigators.  Some elements of the espionage attacks have already been reported in the media.

See:  https://redskyalliance.org/xindustry/lazarus-grou

10806673666?profile=RESIZE_400xThe US National Security Agency’s No. 2 official said on 7 September that the US still outpaces foreign adversaries when it comes to cybersecurity and technology thanks to the country’s “open society.”  The US and its democratic allies “enjoy things that cannot be replicated easily in autocratic societies,” the NSA’s deputy director, said during the Billington Cybersecurity Summit in Washington, DC.[1] 

“The grist of that is innovation.  Innovation sparks creativity and solutions.  That puts us

10805878881?profile=RESIZE_400xA new Phishing-as-a-Service (PhaaS) named EvilProxy (also known as Moloch) was seen for sale in dark web forums, according to researchers.  Moloch ransomware is a computer virus infection that encrypts all personal victim files on an affected device and demands a ransom for unlocking them.  This file-locking parasite belongs to a relatively small Makop ransomware family compared to others, such as Djvu or Dharma.

EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA

10805742466?profile=RESIZE_400xArtificial intelligence (AI) can be trained to recognize whether a tissue image contains a tumor.  However, exactly how it makes its decision has remained a mystery until now.  A team from the Research Center for Protein Diagnostics (PRODI) at Ruhr-Universität Bochum is developing a new approach that will render an AI’s decision transparent and thus trustworthy. The researchers describe the approach in their journal Medical Image Analysis.[1] 

For the study, experts from the Ruhr-Universität’s S

10805304256?profile=RESIZE_400xThis joint CISA - Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.  These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.  Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about

10804958454?profile=RESIZE_400xAccording to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing or improving code.  Security vulnerabilities have a bad habit of popping up during the software development process, only to surface after an application has been deployed.  The disappointing part is that many of these security flaws and bugs could have been resolved in an earlier stage and there are proper methods and tools to uncover them.  Everyone makes mistakes, even

10804163868?profile=RESIZE_400xJust what is for sale on the Dark Web?  According to a published report, the North Atlantic Treaty Organization (NATO) is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web.  The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.  Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache b

10803337089?profile=RESIZE_400xHacks tied to Russia and Ukraine war have had minor impact, researchers say.  Although politicians and cybersecurity experts have warned about the potential for widespread hacks in the wake of Russia’s invasion of Ukraine, a new study finds that attacks linked to the conflict have had minor impact and are unlikely to escalate further.[1]  This is some positive news for cyber security.

Researchers from the University of Cambridge, the University of Edinburgh and the University of Strathclyde exam

10802052669?profile=RESIZE_400xAt its core, LastPass is a password manager.  A password manager is a software service that allows users to store encrypted passwords so they can be accessed easily when they are needed.  LastPass is indeed very popular, but it is only one of many widely known password managers, each with their own features, advantages, and disadvantages.  Other commonly known password managers include BitWarden, Dashlane, 1Password.

The apparent necessity for password managers has been prompted by the fact that

10801080089?profile=RESIZE_400xData usage on commercial maritime vessels has jumped more than threefold since 2019, according to a new communications analysis by Inmarsat.  The study found that the shipping industry’s reliance on digital connectivity to enhance operating efficiency and safeguard crew welfare has resulted in data usage among Inmarsat maritime customers rising almost 70 per cent in the 12 months to mid-2022.  Analysis of data usage by vessel operators shows year-on-year demand for data was highest among contain

10800975091?profile=RESIZE_400xThe Bolshevik Revolution was a rebellion against the banks, the state, the royals, the industrial class, entrepreneurship, and individualism.  The Bolsheviks saw everything as a class struggle wherein the working class (small blockers would say “the pleb”) was innately moral while essentially everyone else was evil due to their class.  Their worldview assumed that all people should be assumed malicious until vetted as an ally, and upon confirmation would typically adopt (typically red) regalia t

10800139063?profile=RESIZE_400xBlack Hat USA 2022  https://www.blackhat.com/us-22 never fails to deliver exciting, enlightening, and distressing discussions about the state of cybersecurity.  Analysts saw this at Black Hat impressed and worried us the most.   If you could not make the trip, here is a summary of 14 Black Hat topics.

 

 

 

  1. A Quarter Century of Hacking: The Black Hat security conference turned 25 this year, and the relentless passage of time was enough to scare some of our reporters. The conference marked the o

10796817259?profile=RESIZE_400xThe US Federal Bureau of Investigation (FBI) has issued a Private Industry Notification warning of malicious cyber actors using proxies and configurations for credential stuffing attacks on organizations within the United States.

See:  https://www.ic3.gov/Media/News/2022/220818.pdf

Credential stuffing is a form of brute force attack and shares many of the same commonalities that exploit leaked user credentials or ones purchased on the Dark Web that takes advantage of the fact that many individua

10796711491?profile=RESIZE_400xRussian cyberespionage group APT29, responsible for the devastating SolarWinds supply chain attacks in 2020, is back in the news.  In a technical report published by Microsoft, the APT29 cyber-spies have acquired authentication bypass of a new post-exploitation tactic.  Microsoft previously tracked the actors as Nobelium (a), Cozy Bear (b), and the Dukes (C).

Findings Details:  Microsoft wrote in its report that the hackers are targeting corporate networks with a new authentication bypassing tec