Technology has long been seen as a source of disruption to our lives, communities, and civilizations, provoking disruptive change at all scales, from individuals' routine daily activities to dramatic competition between global superpowers. This disruption can have positive and negative effects, although often unevenly distributed across different groups. New technologies, including Artificial Intelligence, Quantum computing, ChatGPT, and social media, have transformed the intelligence communit
Remote working brings benefits for employees, but by working from outside the company's internal network, there's also the added threat that employees are left more vulnerable to cyberattacks. And if hackers can compromise a remote employee by stealing their corporate username and password, or infecting their computer with malware, it could become a costly network security risk for the entire organization.[1]
Data breaches, phishing campaigns, ransomware attacks, and business email compromise
The Canadian military has discovered Chinese spy buoys in the Arctic which allegedly are monitoring US submarines and melting ice sheets. Such “activity is not new,” the Canadian defense minister said in recent televised remarks, implying that China has been engaging in surveillance efforts in the region for some time.[1] Russia has long sought an Arctic trade route to create shorter vessel travel to Europe. Seems the Chinese may have the same idea, and, oh, spy on its adversaries.
Officials descr
A 28-year-old Russian malware developer was extradited to the US where he could face up to 47 years in federal prison for allegedly creating and selling a malicious password-cracking tool. Dariy Pankov, also known as “dpxaker,” developed what the US Department of Justice (DOJ) called a “powerful” password-cracking program that he marketed and sold to other cyber criminals for a small bitcoin fee. This case was reported by Recorded Future.
The tool, called NLBrute, is a so-called brute-forcing tool
Russia-linked ransomware group Clop reportedly took responsibility for a mass attack on more than 130 organizations, including those in the healthcare industry, using a zero-day vulnerability in secure file transfer software GoAnywhere MFT.[1] Cybersecurity & Infrastructure Security Agency (CISA) added the GoAnywhere flaw (CVE-2023-0669) to its public catalog of Known Exploited Vulnerabilities. This Sector
Alert follows previous HC3 Analyst Notes on Clop (CLOP Poses Ongoing Risk to HPH Organiz
- A new threat cluster we track as WIP26 has been targeting telecommunication providers in the Middle East.
- Sentinel assesses it is likely that WIP26 is espionage-related.
- WIP26 relies heavily on public Cloud infrastructure to evade detection by making malicious traffic look legitimate.
- WIP26 involves the use of backdoors, titled CMD365 and CMDEmber, which abuse Microsoft 365 Mail and Google Firebase services for C2 purposes.
- WIP26 also involves the use of Microsoft Azure and Dropbox instances as
Red Sky Alliance queries our backend databases monthly, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associa
A few years ago, Red Sky Alliance announced a new service named “Rocket Jot.” The service allowed a user to enter some/any topic terms, and in less than a minute, a complete written report was delivered in Word format to the user. The report often sounded a little like “robot speech” but was still complete and could be the basis for a “better” report with some grammar checking and additional sentences. It also delivered a complete list of sources used for the report. We offered the service
In 2015, ISIS conducted a series of coordinated attacks around Paris that killed 130 people and wounded nearly 500 more. Two years later, 39 people were killed in an ISIS attack on an Istanbul nightclub during the early hours of New Year’s Day. This week, the US Supreme Court will hear oral arguments in a pair of cases arising from those attacks. The justices’ decisions in Gonzalez v. Google and Twitter v. Taamneh could reshape legal liability for some of the nation’s largest technology compan
Vulnerability management comprises the entirety of workflows geared toward maintaining an up-to-date inventory of a company's digital assets, checking them for imperfections, and addressing the detected security loopholes. It revolves around the principle of monitoring and hardening the security condition of a corporate IT infrastructure continuously to ensure proactive defenses against different forms of exploitation.
There is a difference between the use of garden-variety vulnerability scanne
US banks are backing away from crypto companies, concerned by a regulatory crackdown that threatens to sever digital currencies from the real-world financial system. Banking regulators are raising concerns about banks’ involvement with crypto clients following last year’s blowup of Sam Bankman-Fried’s FTX. The Securities and Exchange Commission is aggressively pursuing the industry’s bigger players in a crackdown that threatens to narrow their reach. That move has alarmed bankers who don’t wan
A new financially motivated campaign that began in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas. Investigators said it "observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389." The attacks primarily focus on individuals, small businesses, and large organizations located in the US, and to a lesser extent in the UK, Turkey,
There seems to be a current trend of attacking the airline industry. In Germany, seven airports were hit by a suspected cyber-attack on 16 February. Düsseldorf, Nuremberg, and Dortmund airports were among those impacted, but the websites for Germany’s three busiest airports (Frankfurt, Munich, and Berlin) were all functioning normally. These airports were victims of large-scale DDoS attacks. Other airport systems were not affected. From Reuters, the chief executive also added that
Cyber threat researchers have identified a set of 38 security vulnerabilities in the wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. Threat actors can exploit vulnerabilities in Wireless IIoT devices to gain initial access to internal OT networks. They can use these vulnerabilities to bypass security layers and infiltrate target networks,
Oakland, California, officials declared a state of emergency on 14 February after a cyberattack that first hit city technology systems last week, which continues to make it impossible to pay parking fees, fines and taxes online or connect by phone with most city departments. Calls to 911 and city emergency services are stil
Cybersecurity researchers have found a new piece of evasive malware named “Beep” (just one Beep) designed to operate undetected and deliver additional payloads onto a compromised host. The authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find, reported investigators. One such technique involved delaying execution through the Beep API function, hence the malware's name.[1]
All PCs previously shared an 8254 programmable i
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have few
The cyber threat landscape is very fluid, with cybercriminals constantly adjusting tactics to stay ahead of organizations. Commoditization is also making cybercrime easier through the use of toolkits.
Cybercrime has never been more accessible for opportunistic criminals. The proliferation of cybercrime marketplaces has seen collaboration increase, but also means hacking tools are more available than ever. In fact, 76 percent of malware kits are on sale for less than £10. These marketplaces h
Four out of five (79%) businesses make most cyber security decisions without insights into the threat actor targeting their infrastructures. The claims come from Google-owned threat analytics company Mandiant, which has also said that while 67% of cybersecurity decision makers believe senior leadership teams still underestimate cyber-threats, 68% agree their organization needs to improve its understanding of the threat landscape.[1]
The data in Mandiant's Global Perspectives on Threat Intellige
Qakbot was first observed in 2008. While it was originally a banking trojan, it has evolved over time to include gaining access, dropping additional malware, and performing other data-stealing, ransomware, and malicious activities across a network.
QakNote is the name of the new QakBot campaign. It was first reported by Cynet researcher Max Malyutin on Twitter, who explained that threat actors were experimenting with a new distribution method to replace the former use of ma