All Articles (2242)

Activity Summary - Week Ending on 8 July 2022:

  • Red Sky Alliance identified 24,005 connections from new IPs checking in with our Sinkholes
  • DigitalOcean hit 103 x
  • Analysts identified 1,557 new IP addresses participating in various Botnets
  • ShadowPad
  • ToddyCat
  • Toll Fraud Malware
  • Marriott International
  • Ukraine, Dark Crystal RAT
  • Crema Finance
  • Maui Ransomware

Link to full report: IR-22-189-001_weekly189.pdf

 

A China-linked state-sponsored hacking group named Bronze Starlight was observed deploying various ransomware families to hide the true intent of its attacks.  In attacks observed as early as mid-2021, the threat group started using the HUI Loader to drop ransomware such as AtomSilo, LockFile, Night Sky, Pandora, and Rook.

See:  https://redskyalliance.org/xindustry/what-keeps-a-cfo-awake-at-night

The short lifespan of each ransomware family, victimology, and the access to tools employed by Chine

News broke on 5 July 2022 that the operators of AstraLocker Ransomware were shutting down in favor of pursuing a new cryptojacking campaign.  The group shared decryptors with VirusTotal, and according to BleepingComputer the decryptors worked on test files that were recently encrypted by the ransomware.  AstraLocker was born out of the Babuk ransomware family.  In the Summer of 2021 Babuk ransomware group’s code was leaked and the similarities between the leaked code and AstraLocker’s code point

Raccoon Stealer, one of the most prolific data stealers in digital history, is back and more effective than ever.  The re-emergence of the malware, best known for stealing personal information like passwords, files, and biometric data, was first spotted by French cybersecurity company Sekoia the last week of June 2022.  According to the firm's analysis, the authors of Raccoon Stealer have rewritten the code from scratch and added screenshot capturing and keystroke logging to its list of capabilit

If you were one of the millions of people who watched Netflix's The Tinder Swindler, you may have shaken your head in wonder at how women could be allegedly hoodwinked out of millions of dollars.  People fall for these scams for the same reasons that they fall prey to cold-call scam texts claiming that their loved one is in hospital and fees urgently need to be paid: When emotions are involved, rational thinking can go out of the window.

See:  https://www.netflix.com/title/81254340

Simon Leviev,

The cyber division of the Federal Bureau of Investigation (FBI) has published a notification, warning US colleges and universities that education and learning qualifications have been marketed for sale on the Dark Web and on online legal marketplaces and sites.  The warning alerts universities, colleges, and higher education institutions that credentials have been advertised for sale on Dark Web criminal marketplaces. This exposure of sensitive credential and network access information, especia

As witnessed by the violent criminal activity seen during the US 4th of July weekend, criminals appear to flourish on holiday weekends.  Criminal hacking is no different.  Cyber threat professionals and law enforcement officers are constantly reminding the public and private sector organizations to always remain vigilant and take appropriate precautions to reduce their risk of cyberattacks.  Often, malicious threat actors take advantage of holidays and weekends to disrupt the critical network

Activity Summary - Week Ending on 1 July 2022:

  • Red Sky Alliance identified 40,622 connections from new IPs checking in with our Sinkholes
  • MS hit 45 x – 2nd week
  • Analysts identified 1,801 new IP addresses participating in various Botnets
  • DeadLocker
  • Symbiote
  • Killnet
  • СПИСОК_посилань_на_інтерактивні_карти[.]docx
  • Apple, Google and the US FTC
  • Guns and California Data Hacks

Link to full report: IR-22-182-001_weekly182.pdf

Summary Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.  These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.  Visit stopransomware.gov to see all #StopRansomware advisories and to learn more

If Artificial Intelligence (AI) applications like Alexa really can convert voices, using less than a minute of recorded voice into real-time speech, it opens the door to dystopian gaslighting on a whole new level.  This could be frightening, creepy, disturbing and maybe even criminal.  The definition of gaslighting according to Merriam-Webster:  psychological manipulation of a person usually over an extended period of time that causes the victim to question the validity of their own thoughts, pe

The Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the US, Canada, the UK, Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window.  "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more," Cybereason said in a repo

Cryptocurrency storage is one of the most important things that investors should consider when joining the burgeoning digital asset market.  Most people investing in this space have little to no knowledge of the existing options.  Crypto exchanges currently hold the larger share of investors’ capital despite the associated risks, including hacking and regulatory pressures from oversight authorities.

There are two types of crypto wallets: custodial and non-custodial. The former is offered by cen

It has been reported that cyber criminals are sending out millions of phishing emails a day, using extortion and other schemes to steal Bitcoin and other cryptocurrencies from victims.  The phishing attacks use a variety of techniques to trick people into transferring sums of Bitcoin, including phony requests for charity donations and Business Email Compromise (BEC) scams.

See:  https://redskyalliance.org/xindustry/what-the-heck-is-bec

According to a report by cybersecurity researchers at Proofpoi

Have you ever heard of the term "cyber soldier"?  If yes, Uncle Sam wants you.  There are military hackers who do fascinating work.  From defending the nation's critical infrastructure to launching attacks on enemy targets, cyber soldiers get advanced training to conduct cyber warfare, even during peacetime.  A cyber soldier's job is to conduct defensive and offensive operations within the military.  Defensive operations refer to protecting their network from enemy cyber soldiers conducting off

Flagstar Bank, https://www.flagstar.com, has recently disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. According to cyber threat investigators, the data breach occurred between 3 December and 4 December 2021.  The US financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, and Ohio.  Flagstar Bank serves both consumer and commercial businesses, holding $2

Recently, researchers have identified a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices. Named by researchers as MaliBot, the malware poses as a cryptocurrency mining application, but may also pretend to be a Chrome browser or another app. On infected devices, the threat focuses on harvesting financial information and stealing banking, finance, cryptocurrency and Personally Identifiable Information (PII).

The malware us

A Russian official threatened the West on 08 June 2022, asserting that a “direct military clash” could result if Western governments continue to mount cyberattacks against its infrastructure.  “The militarization of the information space by the West and attempts to turn it into an arena of interstate confrontation, have greatly increased the threat of a direct military clash with unpredictable consequences,” the Russian foreign ministry’s head of international information security said in a stat

Ever since the beginning of the Internet Age, the potential to weaponize digital technologies as tools of international aggression has been known.  This was exposed by Russia’s 2007 cyber-attack on Estonia, which was widely recognized as the first such act by one state against another.  In 2016, NATO officially recognized cyberspace as a field of military operations alongside the more traditional domains of land, sea and air.

The current Russia-Ukraine War demonstrates the next major milestone i