All Articles (2242)

A Twitter spokesman has said it is firing Peiter Zatko, the network security expert it hired in November 2020 as head of security. Changes in the composition of Twitter's security team followed "an assessment of how the organization was being led," according to a company memo.  Zatko, known by the handle "Mudge," gained fame as a member of the Cult of the Dead Cow ethical hacking collective in the 1990s and later moved to top cybersecurity research positions at the Defense Advanced Research and

The cybercrime operators behind the notorious TrickBot malware have once again upped the ante, fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products.  "As part of that escalation, malware injections have been fitted with added protection to keep researchers out and get through security controls," IBM Trusteer said in a report. "In most cases, these extra protections have been applied to injections used in the process of online banking fraud TrickBot'

Shell Deutschland GmbH is reporting it was able to "reroute to alternative supply depots for the time being."  The company’s Oiltanking Deutschland GmbH and mineral oil dealer Mabanaft were hit by a cyber-attack which disrupted their IT systems and supply chain.  The attack allegedly took place on 31 January 2022.

Royal Dutch Shell said today it was re-routing oil supplies to other depots following a cyber-attack on two subsidiaries of German logistics firm Marquard & Bahls this week

UniCC, the biggest dark web marketplace for stolen credit and debit cards, has announced that it is closing its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash.  It has operated since 2014 and offers credit cards of all brands (Amex, Visa, MasterCard, Diner’s Club).  It is also one of the most popular markets because it updates very frequently with new offers.

“Our team retires. Thanks to everyone who has been part of us

Apple's AirTags can be used for both good and evil purposes.  That can be the problem with any new technology.  For every potential good use, there are at least several pain-inducing and criminal-pleasing uses.  Sometimes, the bad outweighs the good, especially in the public's eyes and ears.  This time the good prevailed.

Case in point, a young US military spouse has moved around the globe numerous times.  She knows the drill.  As she told the Military Times, she also knows that moving compan

Activity Summary - Week Ending on 28 January 2022:

  • Red Sky Alliance identified 21,120 connections from new IPs checking in with our Sinkholes
  • Intern LLC in Moscow hit
  • Analysts identified 5,665 new IP addresses participating in various Botnets
  • AvosLocker Ransomware
  • Wormable Windows Vulnerability
  • Nmap
  • Belarus Trains hit
  • Canada mad at Russia
  • QR Code Confusion
  • 22% Gone Phishing
  • Vessel Impersonation

 

Link to full report: IR-22-028-001_weekly028.pdf

The U.S. Department of Homeland Security is reportedly warning that the U.S. could witness a retaliatory cyberattack at the hands of Russia if it decides to respond to the latter's potential invasion of Ukraine, where 100,000 or more troops have been amassed for weeks.  According to a DHS Intelligence and Analysis bulletin dated 23 January 2022 and sent to law enforcement agencies around the country, officials believe that if the U.S. responds to rising tensions at Ukraine's eastern border, the

Shipping is an indispensable part of modern life.  It is the lifeblood of the global economy, with numerous large companies (and their equally large container ships) perpetually moving goods from one corner of the earth to the other to provide consumers and industries with the necessities of life.  Due to the critical importance of shipping and receiving goods to most organizations, threat actors often use shipping as a lure for phishing emails: such as false invoices, changes in shipping delive

Keyloggers have been around for decades. They have constantly adapted to the changing technology landscape and remain an effective method used by attackers to obtain information about computer users.  In this report we take a look at what keyloggers do, how they have changed, and what keyloggers to look out for going forward.

Keyloggers are software or hardware devices used to record keyboard inputs by users on a computer. They were originally invented for corporations to monitor employee comput

Red Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc

The US Federal Energy Regulatory Commission (FERC) announced on 20 January 2022 a proposal to strengthen its Critical Infrastructure Protection (CIP) Reliability Standards by requiring internal network security monitoring (INSM) for high and medium impact bulk electric system cyber systems.

The Notice of Proposed Rulemaking (NOPR) proposes to direct the North American Electric Reliability Corporation to develop and submit new or modified Reliability Standards to address a gap in the current standards.[1]

Since mid-2021, TrendMicro analysts have been investigating a threat actor called Earth Lusca (EL) that targets organizations globally via a campaign that uses traditional social engineering techniques such as spear phishing and watering holes.  This group’s primary motivation seems to be cyberespionage: the list of its victims includes high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, Covid-19 rese

Activity Summary - Week Ending on 21 January 2022:

  • Red Sky Alliance identified 34,423 connections from new IPs checking in with our Sinkholes
  • Microsoft IP hit again
  • Analysts identified 4,093 new IP addresses participating in various Botnets
  • SysJoker Backdoor
  • Konni Campaign
  • Take Down of VPNLab.net
  • Russia shuts down REvil, huh?
  • Brookings Blog on Russia
  • SilverTerrier sent to the Kennel
  • China and the Olympics
  • Up-Date on Ukraine Hit

Link to full report: IR-22-021-001_weekly021.pdf

The US Department of Justice (DOJ) authorities first became aware of Diavol ransomware in October 2021.  Diavol is allegedly associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan.  Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker.  While ransom demands have ranged from $10,000 to $500,000, Diavol actors have

Cybersecurity is more than meets the eye.  Proper security contains several layers, including adequate training and technology, to meet HIPAA compliance guidelines. Healthcare organizations are responsible for implementing robust cybersecurity strategies to prevent cyberattacks.  The healthcare industry claims to prioritize cybersecurity efforts, yet 18% of organizations allocate only 1-2% of their IT budgets to cybersecurity.  Covered entities who choose not to prioritize proper cybersecurity l

In 2010, Iran’s uranium enrichment centrifuges were attacked and rendered useless through a computer virus that became known as Stuxnet.  It was the first case in which a hacker attack, coordinated by nations (presumably the US and Israel), hit a large military target in the “real world.”  A worldwide race to create or acquire cyber weapons was then just taking shape.

Fast forward to last week (11 years later), Ukraine was hit by a massive cyber-attack that targeted government websites.  Posted

In the US, 5G services are planned for launch beginning 19 January 2022 using frequencies in a radio spectrum called the C-band.  These frequencies can be close to those used by radar altimeters, an important piece of safety equipment in aircraft.  Because the proposed 5G deployment involves a new combination of power levels, frequencies, proximity to flight operations, and other factors, the US Federal Aviation Administration (FAA) will impose restrictions on flight operations using certain typ

Sygnia’s Incident Response team recently discovered a threat group conducting financial theft by subtly stealing millions of dollars from financial and commerce companies’ systems, all the while hiding in plain sight.  The criminal group operates inside the victims’ networks for months while studying their financial systems and injecting fraudulent transactions into regular activity.

Titled Elephant Beetle or TG2003, the cyber threat group does not develop new zero-day exploits to commit fin

Activity Summary - Week Ending on 14 January 2022:

  • Red Sky Alliance identified 24,345 connections from new IPs checking in with our Sinkholes
  • Microsoft IPs in UK and N. Ireland hit
  • Analysts identified 1,435 new IP addresses participating in various Botnets
  • Rook Ransomware
  • More Log4j
  • Ukraine Cyber Bust
  • UK NHS
  • Who’s Winning?
  • Google Docs
  • The Electric Grid’s Hot Wires
  • BLM suing LAPD

Link to full report: IR-22-014-001_weekly014.pdf

At the onset of the global pandemic, the UK’s Cambridge Cybercrime Centre observed a significant increase in murderous fantasies expressed online within the incel community.  An ‘incel’ is a member of an online subculture of people who define themselves as unable to get a romantic or sexual partner despite desiring one.  The level of online activity, as well as the tone, had grown increasingly threatening.  Fortunately, that level of violent ideation settled down over time but now has resurfacin