X-Industry

ChatGPT is a generative AI model that applies user inputs to train itself and continuously becomes more efficient.  Because ChatGPT has accumulated many more user interactions since its launch, it should, in theory, be much smarter as time passes.  Researchers from Stanford University and UC Berkeley conducted a study to analyze the improvement in ChatGPT's large language models over time, as the specifics of the update process are not publicly available.  To experiment, the study tested both GP

MSMQ is a proprietary messaging protocol developed by Microsoft that allows applications running on separate computers to communicate in a failsafe manner. MSMQ ensures reliable delivery by placing messages that fail to reach their intended destination in a queue and then resending them once the destination is reachable.  RabbitMQ is an open-source messaging queuing protocol similar to MSMQ.

The MSMQ service is hosted as a standalone Windows service under MQSVC.EXE.  The MSMQ operation is implem

Google’s malware scanning platform VirusTotal published an recent apology after hundreds of individuals working for defense and intelligence agencies globally had their names and email addresses accidentally exposed by an employee.

In a public statement, VirusTotal said it apologized “for any concern or confusion” the exposure may have caused and said it took place on 29 June, when the employee accidentally uploaded a CSV file to the platform.[1]  “This CSV file contained limited information of

Anyone can become a phishing attack expert on underground forums for as little as US$ 50.  For about a year, a new Phishing-as-a-Service (PaaS) offering has been used to target Microsoft 365 accounts in the manufacturing, healthcare, technology, and real estate sectors, according to cyber threat researchers.  Named ‘Greatness,’ the service has been used in several phishing campaigns since mid-2022, mainly targeting organizations in the US, with other victims in the UK, Australia, Canada, and Sou

Trend Micro has always taken extremely seriously its commitment to secure the connected, digital world.  But we also know that in the fight against cybercrime, its resources are most effective when shared and combined with others working towards the same goals.  That's why Trend Micro has no issues about teaming up with other security vendors, as well as academics and law enforcement agencies.  Red Sky Alliance has always held this collaborative approach.

This "better together" approach has seen

This week, Rust-based file-encrypting ransomware was found to be impersonating the cybersecurity firm Sophos https://www.sophos.com as part of its operation.  The malware named ‘SophosEncrypt’, the malware is being offered under the Ransomware-as-a-Service (RaaS) business model and appears to have already been used in malicious attacks.  After several security researchers warned of the new RaaS, Sophos said it was aware of the brand's impersonation and was investigating the threat.

See:  https:/

In 2019, a video surfaced of then - US Speaker of the House Nancy Pelosi that appeared to show her in an impaired condition.  The video was a deepfake featuring footage modified to make the Speaker seem intoxicated or unwell.  Yet despite its inauthenticity, the video went viral and received millions of views on social media.  Today, many users remain unable to tell the difference between deepfakes and legitimate media.

What Are Deepfakes?  Deepfakes are synthetic videos, images, or audio record

Generative artificial intelligence (AI) could be used by foreign adversaries to interfere in next year’s presidential election, President Joe Biden’s nominee to lead US Cyber Command and the NSA warned this past week.  “As we look at this election cycle, the area that we do have to consider that will be slightly different will be the role of generative AI as part of this,” an Air Force Lt. General told the US Senate Armed Services Committee during his second nomination hearing.  “And so, our con

Buying a house these days is almost insurmountable.  Who can afford to pay cash for a decent house, or even the minimum downpayment?  That’s where lenders come in.  Banks and finance companies have been doing this for years.  But now there is an elephant in the room, called AI.  The top US bank regulator is warning that lenders need to ensure that artificial intelligence tools don't perpetuate biases and discrimination in credit decisions.[1]

Federal Reserve Vice Chair for Supervision Michael Ba

The Biden administration recently announced a new cyber initiative to label smart devices considered safe and less vulnerable to attacks.  As part of the new cybersecurity labeling program, a new ‘US Cyber Trust Mark’ shield logo will be applied to products that meet specific cybersecurity criteria. 

Proposed by Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel, the program aims to improve the cybersecurity of smart devices, including smart consumer products and electronics,

Chrome Woes

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution.  Google Chrome is a web browser used to access the internet.  Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.  Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts

The QR code system was invented in 1994 under a team led by Masahiro Hara from the Japanese company Denso Wave.  A QR code (quick-response code) was developed as a type of two-dimensional matrix barcode for labelling automobile parts.  Now, using a new twist to bypass detection from security solutions, cyber-attacks are now employing QR codes that your users will not recognize as anything suspicious.

Threat actors need some means of getting a user to engage with malicious content – whether an at

Cybercrime and cyber espionage activity continue to multiply against all industries and sectors, causing financial and material damage to targeted networks.  Cyber insurance has assisted in mitigating the impacts of cyber malfeasance, offsetting costs associated with recovering from cyber-attacks.  A Government Accountability Office report found that the increasing severity and frequency of cyberattacks led more organizations to seek cyber coverage, which has been increasing in price as the volu

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

A series of cyberattacks across Texas, including some in the Houston region, are part of a growing statewide and national trend of increasingly sophisticated groups working through computers to steal money and information, according to officials in the FBI. In 2022, for instance, the FBI received more than 21,800 complaints of a cyberattack called a business email compromise scheme, totaling around $2.7 billion in reported losses, said a spokesperson for the FBI's office in Houston. Of that tota

Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk.  These apps engage in deceptive behavior and secretly send sensitive user data to malicious servers in China.  Researchers have discovered this infiltration.  Their report shows that both spyware apps, namely File Recovery and Data Recovery (com.spot.music.filedate), with over 1 million installs, and File Manager (com.file.box.master.g

A hacker has created his own version of ChatGPT, but with a malicious bent: Meet WormGPT, a chatbot designed to assist cybercriminals.  WormGPT’s developer is selling access to the program in a popular hacking forum, according to email security provider SlashNext, which tried the chatbot.  “We see that malicious actors are now creating their own custom modules similar to ChatGPT, but easier to use for nefarious purposes,” the company said in a blog post.  

WormGPT (Credit: Hacking forum)

It look

A vulnerability has been discovered in Adobe ColdFusion which could allow for arbitrary code execution.  Adobe ColdFusion is a commercial web-application development platform designed to build and deploy web applications.  Successful exploitation of this vulnerabilities could allow for arbitrary code execution in the context of the logged on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts w

With his electric Kia EV6 running low on power, an EV driver pulled into a bank of fast-chargers near Terre Haute, Indiana, to plug in.  As his car powered up, he peeked at nearby chargers.  One in particular stood out.  Instead of the businesslike welcome screen displayed on the other Electrify America units, this one featured a picture of President Biden pointing his finger, with an “I did that!” caption.  It was the same meme the president’s critics started slapping on gas pumps as prices soa

With half of 2023 over, ransomware gangs have operated at a near-record profit, extorting more than $449 million from victims, according to blockchain research firm Chainalysis.  The figure likely pales in comparison to the actual totals because the research only looks at cryptocurrency wallets being monitored by the firm.  If the trends continue, ransomware groups are on pace to bring in nearly $900 million in 2023, only $40 million behind the peak of $939.9 million seen in 2021.

Chainalysis re