All Articles (2633)

The US Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec.  The most critical of the issues have been identified in Siemens SINEC INS and could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9) and command injection (CVE-2022-2068, CVSS score: 9.8).  Also patched by Siemens is an authentication byp

The Japanese auto company Nissan has sent out breach notification letters to thousands of customers to inform them of a leak of personally identifiable information (PII) through a third-party vendor.  The car company said it was notified on 21 June 2022 that names, dates of birth, and account numbers for Nissan Motor Acceptance Corporation, an indirect lender that helps people finance or lease Nissan vehicles, were exposed after it provided the customer information to an unnamed third party “for software testi

US President Biden signed the Quantum Computing Cybersecurity Preparedness Act into law on 21 December 2022.  The law is designed to secure federal government systems and data against the threat of quantum-enabled data breaches ahead of ‘Q Day,’ the point at which quantum computers can break existing cryptographic algorithms.  Experts believe quantum computing will advance to this stage in the next five to 10 years, potentially leaving all digital information vulnerable to cyber-threat actor

Yesterday, the US Transportation Secretary said on a national news media outlet that the federal government is not prepared to rule out the possibility that a cyber-attack was behind the recent shutdown of the FAA's air traffic safety alert computer system on Wednesday morning.

A week ago, the US Federal Aviation Administration (FAA) discovered there was a “bug” in the NOTAM warning system on the night of 10 January and attempted a full reboot to fix the problem.  The reboot did not work.  The

The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI (Python Package Index) packages called “colorslib”, “httpslib”, and “libhttps”.  These were found on 10 January 2023, by monitoring an open-source ecosystem.  The Python packages “colorslib” and “httpslib” were published on 7 January 2023, and “libhttps” was published on 12 January 2023.  All three were published by the same author, “Lolip0p”, as shown in the official PyPI repository.  “Lolip0p” joined the reposito

Multiple government agencies and military bodies in the APAC region have been targeted by what appears to be a new advanced threat actor that uses custom malware.  Researchers refer to this group as Dark Pink (Group-IB) or Saaiwc Group (Anheng Hunting Labs), noting that it employs uncommon tactics, techniques, and procedures (TTPs).[1]  The actor used DLL side-loading and event-triggered execution methods to run the payloads on compromised systems using the custom toolkit observed in the attacks.


Each month, Red Sky Alliance queries our backend databases to identify all new data containing Motor Vessel (MV) or Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associa

Cybercriminals are still exploiting an old vulnerability in Intel drivers to gain access to networks in a way that allows them to bypass cyber security protections.  Cyber security researchers have detailed the attacks and suggest the campaign targeting Windows systems is the work of a cyber-criminal group they track as Scattered Spider, also known as Roasted 0ktapus and UNC3944.  Scattered Spider is a financially motivated cybercrime operation, which researchers say takes particular interest in

Third-party administrator of insurance products Bay Bridge Administrators (BBA, https://www.bbadmin.com) is informing roughly 250,000 individuals that their personal information might have been compromised in a September 2022 data breach.  Bay Bridge Administrators is a full-service, nationally recognized, third-party administrator of fully insured employee benefit plans.  Representing top-rated insurance companies, Bay Bridge fills a niche market in the insurance industry by entering into agre

A financially motivated threat actor group tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador.  Cyber threat investigators offer new insights into the Spanish-speaking group's tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the kill chain.

Also tracked under the name APT-C-36, Blind Eagle is notable for its narrow geo

After being in the law enforcement and security profession for over 30 years, I trust very few people.  Maybe it’s just me, but I can be really rude on calls from people I don’t know calling my cell phone.  I don’t subscribe to being like me, but the barrage of suspicious calls, text messages and emails I currently receive seems to have drastically escalated.  All of this harassment consists of social engineering tactics.  A recent article in Forbes highlights the need to play as a team.

Social engineering attac

With the terrible flight issues at Southwest Airlines during the recent holidays in the rearview mirror, there has now been another airline shutdown, which the US Federal Aviation Administration (FAA) is calling an “outage.”  An overnight computer outage late on 10 January 2023 at the FAA led to widespread flight delays and disruptions, which are now cascading into hundreds of flight delays.  This is just like a few weeks ago.[1]

The FAA said the “outage” was in the Notice to Air Missions system,

At the end of November 2022, OpenAI released ChatGPT, the new interface for its Large Language Model (LLM), which instantly created a flurry of interest in AI and its possible uses.  However, ChatGPT has also added some spice to the modern cyber threat landscape, as it quickly became apparent that code generation can help less-skilled threat actors effortlessly launch cyber-attacks.

Check Point Research (CPR) previously reported and described how ChatGPT successfully conducted a full infection

We are only 10 days into 2023 and already ransomware attacks continue to escalate.  San Francisco’s Bay Area Rapid Transit (BART) is investigating an alleged ransomware attack after the Vice Society ransomware gang claimed to have attacked the agency.  BART, which is the fifth-busiest heavy rail rapid transit system in the US, was listed on the group’s leak site on Friday.  The chief communications officer for BART reported that they are investigating the data that was stolen and posted by the

In the past several years, Red Sky Alliance has tracked vessel spoofing, which is seen all along the transportation supply chain.  Now we are hearing that DNV Maritime has reported a cyber-attack on its ShipManager software that forced the company to take its servers offline.  The incident was detected on 7 January 2023, and DNV said its experts are working with IT security partners to put in place a technical recovery plan and ensure operations are online as soon as possible.[1]

Meanwhile, users can

FortiGuard has shared a great technical report on Monti, BlackHunt and Putin Ransomware.

Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Encrypts files and demands ransom for file decryption
Severity level: High

Monti Ransomware:  Monti is a relatively new ransomware designed to encrypt files on Linux systems.  Files encrypted by Monti ransomware have a “.puuuk” file extension.  We are also aware of reports of potential Monti vari

A few years ago, while visiting old friends in a major metropolitan midwestern city where I grew up, I had the chance to meet an old friend who was working part-time as an IT consultant for a city suburb.  This city had its own network and a municipal level court system network.  He told me they were hit three times in the recent past by hackers.  I asked if any law enforcement agency investigated it and his answer was, “no, we back-up our data every evening and just recovered the following day.

Activity Summary - Week Ending on 6 January 2023:

  • Red Sky Alliance identified 32,773 connections from new IPs checking in with our Sinkholes
  • Amazon in Singapore hit 32x
  • Analysts identified 492 new IP addresses participating in various Botnets
  • Red Sky Dark Web Collection for 2022
  • LockBit seen twice in Top 5 Malware
  • Indian Job Seeker data stolen (IR-23-005-001)
  • The Meta Eire Fine
  • Five Guys Burgers

Red Sky Alliance Compromised (C2) IPs

IP               Contacts
18.142.112.98    238
89.117.58

An Elasticsearch server belonging to a major international IT recruitment and software solution provider is currently exposing the personal data of more than half a million Indian candidates looking for jobs.  However, the data is not limited to jobseekers, as the server is also exposing the company’s employees’ data.  Another important aspect of this data exposure is the fact that it also contains the company’s client records from different companies, including Apple and Samsung.

This was confirm

Our friends at The Record shared some concerning news for the US.  More than 200 local governments, schools and hospitals in the US were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft.

The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.  These figures are based only on public