All Articles (2707)

Not to be confused with the model/actress Yara Shahidi, today Labs Con will discuss using YARA in cyber diagnostics.  This must-see talk discusses a highly-regarded but rarely publicly investigated threat actor, malware similarity, and YARA.  Publicly available data yields just a generic AV signature with the actor’s name, leaving a void for malware analysts looking to understand the overlaps between different malware families attributed to the same actor.

Greg Lesnewich explores how analysts ca

The number of organizations impacted by ongoing hacks of the software MOVEit is continuing to mount as entities from airlines to universities to the Department of Energy confirm their information was among a series of recent data breaches largely blamed on a Russian-speaking criminal group.

Transportation agencies in Oregon and Louisiana have warned millions of residents their identities are at risk after a cyberattack Thursday stole names, addresses and social security numbers.[1]  Louisiana of

Clearing your cookie file on a regular basis is a sound cyber security posture.  Recent hacker techniques are using session cookies as a successful bypass to cause major cyber theft and/or damage.  When visiting a website for the first time, you will invariably encounter a prompt to "accept cookies."  While allowing cookies lets you enjoy a custom experience, allowing you to bypass logging in and holding items in your shopping cart, not all cookies are intended to enhance your browsing experie

Note: this Recorded Future Ransomware Tracker is updated on the second Sunday of each month to stay current.  The number of victims posted on ransomware extortion sites increased in May, with ransomware gangs publicly claiming more than 400 attacks in a month for the second time this year.

The uptick was fueled in large part by the Russia-linked LockBit ransomware group, which posted 74 victims to its extortion site in May.  The group has become far and away the most active ransomware gang, wit

Detection of malware is typically done using virus definitions or signatures in a database.  Security products, such as antiviruses, will scan files using a virus database to detect if the files are good or bad.  They detect files as good if they don’t match an entry in the database and consider files bad if they do match an entry. It works almost like an advanced blacklist.

Malware authors understand how security products work and build malware that these products cannot detect.  In the undergr

"There's a sucker born every minute" is a phrase closely associated with PT Barnum, an American showman of the mid-19th century, although there is no evidence that he said it.  Early examples of its use are among gamblers and confidence tricksters of the era.  A previously undetected cryptocurrency scam has leveraged over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021.

This massive campaign has likely resulted in thousands of people being scamm

Not every supply chain slowdown or stoppage is caused by criminal hackers.  The recent supply chain woes in Seattle and other maritime ports along the west coast of the US are actually a workers’ slowdown.  The Port of Seattle shut its cargo operations on 10 June, adding to sporadic disruptions that have plagued West Coast ports for over a week.

The Pacific Maritime Association (PMA), which represents ocean carriers and terminal operators, blamed “coordinated and disruptive w

Researchers at FortiGuard Labs are aware of a critical zero-day SQL injection vulnerability in the MOVEit Secure Managed File Transfer software (CVE-2023-34362) allegedly exploited by the Cl0p ransomware threat actor.  High-profile government, finance, media, aviation, and healthcare organizations have reportedly been affected, with data exfiltrated and stolen.

Due to its severity, US CISA released an advisory for the vulnerability on 1 June 2023. They also updated the Known Exploited Vulnerabil

Ever since generative AI exploded into public consciousness with the launch of ChatGPT at the end of 2022, calls to regulate the technology to stop it from causing undue harm have risen to a fever pitch worldwide.  The stakes are high; technology leaders signed an open public letter saying that if government officials get it wrong, the consequence could be the extinction of the human race.

See:  https://redskyalliance.org/xindustry/the-future-is-here

While most consumers are just having fun test

Mark Twain once said, “It ain’t what you don’t know that gets you into trouble. It’s what you know for sure that just ain’t so.” Twain's quote provides two key lessons: first, why double negatives in a sentence are a terrible idea, and second, how assumptions can lead one into trouble. Assumptions affect all levels of decision-making; however, when national leaders make assumptions, trouble can rapidly escalate to chaos and turmoil.

Russian President Vladimir Putin and his military suffered fro

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Israel National Cyber Directorate (INCD) published a “Guide to Securing Remote Access Software,” which provides an overview of common exploitations and associated tactics, techniques, and procedures (TTPs) used by cyber threat actors to exploit the legitimate, beneficial use of this software for easy b

Many people have wondered what the YKK labeled zipper on their jeans and jackets really meant.  Well, hackers sure knew what YKK stood for: lots of ransom money. Japanese zipper giant YKK confirmed that its US operations were targeted by hackers in recent weeks but said it was able to contain the threat before damage was caused.

The Tokyo-based corporation would not say if it was hit with ransomware, but a spokesperson reported that once YKK discovered that its US-based networks were targeted, t

Cyber threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware designed to capture sensitive data from infected hosts.  The threat actor behind this Ransomware-as-a-Service (RaaS) promotes its offering on forums where it requests a share of profits from those engaging in malicious activities using its malware.

Cyclops ransomware is notable for targeting all major desktop operating systems, including Windows, macOS, and Linux.  It is also des

At a time when vessels and other critical maritime infrastructure are becoming increasingly connected to IT systems, less than half (40%) of maritime professionals think their organization is investing enough in cyber security, according to new research from DNV.[1]  While the maritime industry has focused on enhancing IT security over recent decades, said the class society, the security of operational technology (OT) – which manages, monitors, controls and automates physical assets – is ‘a more

A recent FBI report describes smishing attempts, which send text messages purporting to be from employees or company leadership to induce individuals to reveal personal information.  Actors conducting this scheme typically try to elicit financial information, personal identifiable information (PII), credentials, or details about a company and/or its employees.  The criminal threat actors in these instances are attempting to solicit and/or steal various types of information which could be used for financia

If you keep feeding the local stray cat, it will never go away.  Like malware, if you don’t stomp it out, it keeps harassing you.  The threat actors behind BlackCat ransomware have developed an improved variant that prioritizes speed and stealth to bypass security guardrails and achieve their ransom objectives.  The new version, Sphynx, was announced in February 2023 and includes updated capabilities that strengthen the group's efforts to evade detection.  The "product" update was first highligh

A tractor beam is a device with the ability to attract one object to another from a distance. The concept originates in fiction: The term was coined by E. E. Smith (an update of his earlier "attractor beam") in his novel Spacehounds of IPC (1931). Since the 1990s, technology and research have labored to make it a reality and have had some success on a microscopic level. Less commonly, a similar beam that repels is called a pressor beam or repulsor beam. Gravity impulse and gravity propulsion bea

The human element is near and dear to my heart in the world of Cyber Security.  As cyberattacks intensify, more and more organizations recognize the need to have a strong security culture for all employees.  This cyber-aware workforce is a necessary addition to a skilled and knowledgeable security team and the use of advanced cybersecurity solutions.  Employees who know how to practice good cyber hygiene are increasingly seen as a crucial line of defense.

Bolstering cyber defenses will be import

According to industry experts, predictions about the BRICS countries as the fastest-growing economies have not happened. Instead, the alliance now offers a diplomatic forum and development financing outside the Western mainstream.  The acronym began as an optimistic term to describe countries with fast-growing economies at the time.  But now the BRICS nations, Brazil, Russia, India, China, and South Africa, are setting themselves up as an alternative to existing international financial and polit

ChatGPT is a large language model (LLM) falling under the broad definition of generative AI.  The sophisticated chatbot was developed by OpenAI using the Generative Pre-trained Transformer (GPT) model to understand and replicate natural language patterns with human-like accuracy.  The latest version, GPT-4, exhibits human-level performance on professional and academic benchmarks.  Without question, generative AI will create opportunities across all industries, particularly those that depend on l