X-Industry

In today's digital world, automation is becoming increasingly widespread, giving rise to the prominence of bots. Bots are highly versatile software programs designed to automate tasks and streamline processes. While they offer convenience and efficiency, we must recognize the potential for misuse.

Over the past few years, bots have emerged as a new cybersecurity threat, as they can be manipulated for malicious purposes. This article will explore the realm of malicious bots, uncover their cyberse

The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth https://hwlebsworth.com.au.

One of the largest law firms in Australia, HWL Ebsworth, says in an incident notice on its website that it became aware of the incident on 28 April 2023, after the ALPHV_BlackCat ransomware gang boasted about the hack, and that it immediately informed the Australian authorities and started investigating the incident.[1]

See: 

The Healthcare and Public Health (HPH) sector issued a warning on 22 June regarding SEO Poisoning.  Search engine optimization (SEO) poisoning, considered a type of malvertising (malicious advertising), is a technique used by threat actors to increase the prominence of their malicious websites, making them look more authentic to consumers.  SEO poisoning tricks the human mind, which naturally assumes the top hits are the most credible and is very effective when people fail to look closely at the

During their test, researchers from JUMPSEC managed to trick Microsoft Teams’ security mechanism into sending malware to the organization’s inbox by making it think that an external user was internal.

JUMPSEC’s Red Team members have discovered a security vulnerability in the External Tenants feature of Microsoft Teams that allows malware to be directly delivered to an organization’s employees.  Attackers can inject malware into any system that uses Microsoft Teams’ default configurations and lev

Cybercriminals use various tactics to determine your passwords, and many people make an effort easier by using weak and simple ones.  A new study from the payment firm Dojo on the most hacked passwords may help you stay safer online by knowing which mistakes to avoid.  From the RockYou2021 collection of breached password lists, Dojo was able to examine more than 6 million such passwords.  As a result, the firm uncovered the most commonly-used passwords, their average length, and the most popular

As anyone who regularly games online can attest, DDoS (dedicated denial of service) attacks are an irritatingly common occurrence on the internet.  Drawing on the combined digital might of a geographically diffuse legion of zombified PCs, hackers can swamp game servers and prevent players from logging on for hours or days at a time.  The problem has metastasized in recent years as enterprising hackers have begun to package their botnets and spamming tools into commercial offerings, allowing any

Sentinel Labs reports that in a previous post in this series, we looked at powering up radare2 with aliases and macros to make our work more productive. Still, sometimes we need the ability to automate more complex tasks, extend our analyses by bringing in other tools, or process files in batches.  Most reverse engineering platforms have some scripting engine to help achieve this kind of heavy lifting, and radare2 does, too.  In this article, researchers learn how to drive radare2 with r2pipe an

Remember the old phrase, “We are from the government and we are here to help?”  A bipartisan group of lawmakers introduced legislation on 20 June 2023 that would create a blue-ribbon commission on artificial intelligence to develop a comprehensive framework for the regulation of the emerging technology.  This raises the question, “What about the other countries, friends or foes and their intentions of using AI?” 

See:  https://redskyalliance.org/xindustry/regulation-v-innovation

Having two legis

The US Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments. Still, the impact was not expected to be great, Homeland Security officials said on 15 June 2023.  But for others, among what could be hundreds of victims from industry to higher education, including patrons of at least two state motor vehicle agencies, the hack was beginning to show some serious impa

Computer professionals may be impressed with artificially intelligent Large Language Models (LLMs) like ChatGPT that can write code, create an app, and pass the bar exam.  A large language model (LLM) is a type of artificial intelligence (AI) algorithm that uses deep learning techniques and massively large data sets to understand, summarize, generate and predict new content.  LLMs are capable of processing and generating text, and can be used for a wide range of applications, including language

Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. 

https://cybersixgill.com/resources/the-state-of-the-underground-2023   

The research stems from an analysis of Cybersixgill's collected intelligence items throughout 2022, gathered from the deep, dark and clear web.  The report examines the continuous evolution of threat actors' tactics, tools, and procedures (TTPs) in the Digital Age and how organizations can adapt to redu

There are several ways in which an organization may discover that it has been the victim of a cyberattack or that an unauthorized third party has gained a foothold within its information technology (IT) environment.  Perhaps most commonly, an organization’s own endpoint detection, network monitoring, and other technical security controls identify and quarantine malicious cyber activity and allow for an investigation into the nature and scope of the event.  In some rare occasions, an organization

On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The below report aims to provide readers with brief insights into the evolving ransomware landscape variants.

Big Head Ransomware Overview – Researchers recently came across a new ransomware variant called Big Head, which came out in May 2023.  Although there are at least three variants of Big Head ransomware, all are designed to encry

To make the Machine Learning (ML) model learn the wrong thing, adversaries can target the model’s training data, foundational models, or both.  Adversaries exploit this class of vulnerabilities to influence models using data and parameter manipulation methods, which practitioners term poisoning.  Poisoning attacks cause a model to incorrectly learn something that the adversary can exploit at a future time.  For example, an attacker might use data poisoning techniques to corrupt a supply chain fo

Schools face evolving cyber threats in an increasingly digital educational landscape.  Insider errors, ransomware attacks, and vendor vulnerabilities require a strong focus on cyber hygiene and awareness to safeguard sensitive data, says the CEO of ManagedMethods.  Although we talk about the seriousness of the cybersecurity threat in education a lot, it is worth repeating this alarming Microsoft statistic 6,110,425 (80.1% of the global total) Opens a new window enterprise malware encounter in th

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

A recent survey conducted by Bridewell, a cybersecurity services company headquartered in the UK, revealed a concerning surge in insider cyber threats within critical national infrastructure (CNI) organizations.  The transport and aviation sectors are particularly at risk.  As economic uncertainties loom, organizations are facing budget cuts in cybersecurity, further exacerbating the threat landscape.  This research is some of the first conducted by Bridewell that focuses on the US.[1]

Bridewell

Free speech and digital privacy appear to be key components left out of a United Nations (UN) Cybercrime Treaty being proposed, primarily by Russia.  To say the cybersecurity community is skeptical would be an understatement.  "The UN Cybercrime Treaty, to the extent it gets adopted, is expected to define global norms for lawful surveillance and legal processes available to investigate and prosecute cybercriminals," reports The Register in a special report.  "And what has emerged so far contempl

Not to be confused with the model/actress Yara Shahidi, today Labs Con will discuss using YARA in cyber diagnostics.  This must-see talk discusses a highly-regarded but rarely publicly investigated threat actor, malware similarity, and YARA.  Publicly available data yields just a generic AV signature with the actor’s name, leaving a void for malware analysts looking to understand the overlaps between different malware families attributed to the same actor.

Greg Lesnewich explores how analysts ca

The number of organizations impacted by ongoing hacks of the software MOVEit is continuing to mount as entities from airlines to universities to the Department of Energy confirm their information was among a series of recent data breaches largely blamed on a Russian-speaking criminal group.

Transportation agencies in Oregon and Louisiana have warned millions of residents their identities are at risk after a cyberattack Thursday stole names, addresses and social security numbers.[1]  Louisiana of