This joint Cybersecurity Advisory (CSA) from CISA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about
According to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing new or improved code. Security vulnerabilities have a bad habit of creeping in during the software development process, only to surface after an application has been deployed. The disappointing part is that many of these flaws and bugs could have been resolved at an earlier stage, and there are proper methods and tools to uncover them. Everyone makes mistakes, even
Just what is for sale on the Dark Web? According to a published report, the North Atlantic Treaty Organization (NATO) is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web. The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia. Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache b
Hacks tied to Russia and Ukraine war have had minor impact, researchers say. Although politicians and cybersecurity experts have warned about the potential for widespread hacks in the wake of Russia’s invasion of Ukraine, a new study finds that attacks linked to the conflict have had minor impact and are unlikely to escalate further.[1] This is some positive news for cyber security.
Researchers from the University of Cambridge, the University of Edinburgh and the University of Strathclyde exam
At its core, LastPass is a password manager: a software service that stores a user's credentials in an encrypted vault so they can be retrieved easily when needed. LastPass is indeed very popular, but it is only one of many widely known password managers, each with its own features, advantages, and disadvantages. Others include Bitwarden, Dashlane, and 1Password.
The apparent necessity for password managers has been prompted by the fact that
Activity Summary - Week Ending on 2 September 2022:
- Red Sky Alliance identified 37,328 connections from new IPs checking in with our Sinkholes
- capital hit 82x
- Analysts identified 1,905 new IP addresses participating in various Botnets
- Git Woes
- Chile SERNAC Cyber Attack
- LastPass
- Free Analytical Tools
- Burp Suite
- Gophish
- Snort
Link to full report: IR-22-245-001_weekly245.pdf
Data usage on commercial maritime vessels has jumped more than threefold since 2019, according to a new communications analysis by Inmarsat. The study found that the shipping industry’s reliance on digital connectivity to enhance operating efficiency and safeguard crew welfare has resulted in data usage among Inmarsat maritime customers rising almost 70 per cent in the 12 months to mid-2022. Analysis of data usage by vessel operators shows year-on-year demand for data was highest among contain
The Bolshevik Revolution was a rebellion against the banks, the state, the royals, the industrial class, entrepreneurship, and individualism. The Bolsheviks saw everything as a class struggle wherein the working class (small blockers would say “the pleb”) was innately moral while essentially everyone else was evil due to their class. Their worldview assumed that all people should be assumed malicious until vetted as an ally, and upon confirmation would typically adopt (typically red) regalia t
Black Hat USA 2022 (https://www.blackhat.com/us-22) never fails to deliver exciting, enlightening, and distressing discussions about the state of cybersecurity. Analysts picked out what they saw at Black Hat that impressed and worried us the most; if you could not make the trip, here is a summary of 14 Black Hat topics.
- A Quarter Century of Hacking: The Black Hat security conference turned 25 this year, and the relentless passage of time was enough to scare some of our reporters. The conference marked the o
The US Federal Bureau of Investigation (FBI) has issued a Private Industry Notification warning of malicious cyber actors using proxies and configurations for credential stuffing attacks on organizations within the United States.
See: https://www.ic3.gov/Media/News/2022/220818.pdf
Credential stuffing is a form of brute-force attack that replays leaked user credentials, or credentials purchased on the Dark Web, against other services. It takes advantage of the fact that many individua
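A minimal detection for the pattern the notification describes, added here as an example and not taken from the FBI notification or from any vendor product: one source address cycling through many different usernames in a short window, with almost every attempt failing. The log format, the sample lines, the thresholds and the function names are constructed for this example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data).
# Each line: "<ISO timestamp> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2022-08-18T10:00:01 203.0.113.10 alice FAIL
2022-08-18T10:00:02 203.0.113.10 bob FAIL
2022-08-18T10:00:02 203.0.113.10 carol FAIL
2022-08-18T10:00:03 203.0.113.10 dave FAIL
2022-08-18T10:00:03 203.0.113.10 erin FAIL
2022-08-18T10:00:04 203.0.113.10 frank OK
2022-08-18T10:00:04 203.0.113.10 grace FAIL
2022-08-18T10:00:05 203.0.113.10 heidi FAIL
2022-08-18T10:01:10 198.51.100.7 alice FAIL
2022-08-18T10:01:25 198.51.100.7 alice FAIL
2022-08-18T10:01:40 198.51.100.7 alice OK
2022-08-18T10:02:00 192.0.2.44 bob OK
"""


def parse_log(text):
    """Turn log lines into (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_distinct_users=5, max_success_ratio=0.2):
    """Flag source IPs that try many distinct usernames within `window`
    with mostly failed logins.  One user failing repeatedly from one IP
    (a mistyped password, or classic single-account brute force) is not
    flagged here.  Returns {ip: {distinct_users, attempts, successes,
    compromised}} for the widest window observed per IP."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e[0])
        in_window = Counter()   # username -> attempts inside the window
        successes = 0
        start = 0
        for end, (ts, _, user, ok) in enumerate(evs):
            in_window[user] += 1
            successes += int(ok)
            # Slide the window start forward until the span fits in `window`.
            while ts - evs[start][0] > window:
                old_user, old_ok = evs[start][2], evs[start][3]
                in_window[old_user] -= 1
                if in_window[old_user] == 0:
                    del in_window[old_user]
                successes -= int(old_ok)
                start += 1
            attempts = end - start + 1
            distinct = len(in_window)
            if (distinct >= min_distinct_users
                    and successes / attempts <= max_success_ratio):
                prev = findings.get(ip)
                if prev is None or distinct > prev["distinct_users"]:
                    findings[ip] = {
                        "distinct_users": distinct,
                        "attempts": attempts,
                        "successes": successes,
                        # Accounts the actor got into: reset these first.
                        "compromised": sorted(
                            {e[2] for e in evs[start:end + 1] if e[3]}),
                    }
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

Per-source-IP thresholds are exactly what the proxy pools mentioned in the notification are meant to defeat: spread the list across enough addresses and no single IP trips the rule. Pair this view with the inverse one (one username attempted from many addresses) and with a site-wide failure-rate baseline, and treat any success inside a flagged window as a compromised account rather than a false positive.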
Russian cyberespionage group APT29, responsible for the devastating SolarWinds supply chain attacks in 2020, is back in the news. According to a technical report published by Microsoft, the APT29 cyber-spies have added an authentication bypass to their post-exploitation tactics. Microsoft tracks the actors as Nobelium (a); they are also known as Cozy Bear (b) and the Dukes (c).
Findings Details: Microsoft wrote in its report that the hackers are targeting corporate networks with a new authentication bypassing tec
Our monthly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-242-001_IntelSummary242.pdf
If you ever have the good fortune to be leaving your office on a well-deserved vacation, are you certain the security controls you have in place will let you rest easy while you are away? Equally important: do you have the right action plan in place for a happy vacation? As its name indicates, security validation is a process or a technology that validates assumptions made about the actual security posture of a given environment, structure, or infrastructure.[1]
In the digital world, there a
A victim of a ransomware attack paid to restore access to their network, but the cybercriminals did not hold up their end of the deal. The real-life incident, as detailed by cybersecurity researchers at Barracuda Networks, occurred in August 2021, when hackers from the BlackMatter ransomware group used a phishing email to compromise a single victim's account at an undisclosed company. First seen in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool that allows the ransomware's dev
Security researchers have warned that countless global organizations might be at risk of remote compromise after discovering more than 8000 exposed Virtual Network Computing (VNC) instances. Despite the name, VNC is a remote desktop protocol, not a virtual networking technology: built on the Remote Framebuffer (RFB) protocol and normally listening on TCP port 5900, it lets a remote user view and control a machine's screen, keyboard and mouse. An instance reachable from the Internet with no authentication, or protected only by the legacy VNC password (a DES challenge-response limited to eight characters, with no transport encryption), hands an attacker interactive access to that host.
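How a scanner tells an unauthenticated instance from a password-protected one, as an added example that is not part of the original article or of the researchers' tooling: it parses the server side of the RFB handshake, the 12-byte ProtocolVersion string followed by the offered security types as laid out in RFC 6143, from constructed byte captures. The capture names, the risk labels and the function names are this example's own.

```python
import struct

# Security types from RFC 6143 section 7.1.2 plus the registered values
# most often seen in the wild.  Type 1 means no authentication at all.
SECURITY_TYPES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2", 6: "RA2ne",
    16: "Tight", 18: "TLS", 19: "VeNCrypt",
}

REFUSAL_REASON = b"Too many security failures"

# Constructed captures of what a VNC server sends once the client has
# echoed its ProtocolVersion (not real hosts; the labels are this example's).
SAMPLE_CAPTURES = {
    # RFB 3.8: one count byte, then one byte per offered security type.
    "3.8 none+vncauth": b"RFB 003.008\n" + b"\x02\x01\x02",
    "3.8 vencrypt":     b"RFB 003.008\n" + b"\x01\x13",
    # RFB 3.3: the server dictates a single type as a big-endian U32.
    "3.3 vncauth":      b"RFB 003.003\n" + struct.pack(">I", 2),
    # RFB 3.7+: a count of zero means the server refused; a reason follows.
    "3.8 refused":      b"RFB 003.008\n" + b"\x00"
                        + struct.pack(">I", len(REFUSAL_REASON)) + REFUSAL_REASON,
}


def parse_rfb_handshake(data: bytes) -> dict:
    """Parse the server's ProtocolVersion and security-type announcement."""
    if len(data) < 12 or not data.startswith(b"RFB ") or data[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    version = data[:11].decode("ascii")              # e.g. "RFB 003.008"
    major, minor = int(version[4:7]), int(version[8:11])
    rest = data[12:]
    result = {"version": f"{major}.{minor}", "security_types": [], "refused": None}

    if (major, minor) >= (3, 7):
        if not rest:
            raise ValueError("truncated security-type list")
        count = rest[0]
        if count == 0:
            (reason_len,) = struct.unpack(">I", rest[1:5])
            result["refused"] = rest[5:5 + reason_len].decode("utf-8", "replace")
        else:
            result["security_types"] = list(rest[1:1 + count])
    else:
        (only_type,) = struct.unpack(">I", rest[:4])
        result["security_types"] = [only_type]

    result["names"] = [SECURITY_TYPES.get(t, f"unknown({t})")
                       for t in result["security_types"]]
    result["unauthenticated"] = 1 in result["security_types"]
    return result


def triage(data: bytes) -> str:
    """Risk label for an exposed listener, from the handshake alone."""
    r = parse_rfb_handshake(data)
    if r["refused"]:
        return "INFO: server refused the connection: " + r["refused"]
    if r["unauthenticated"]:
        return "CRITICAL: security type None offered; anyone can take the desktop"
    if set(r["security_types"]) <= {2}:
        return "HIGH: only VNC Authentication (DES challenge, 8-char password, no encryption)"
    return "REVIEW: types " + ", ".join(r["names"])


if __name__ == "__main__":
    for label, capture in SAMPLE_CAPTURES.items():
        print(f"{label:18} {triage(capture)}")
```

The same bytes are what nmap's vnc-info script reads; the point of parsing them yourself is that "None" is offered before any password prompt, so an Internet-wide count of exposed listeners can be split into "open to anyone" versus "password-guessable" without ever attempting a login.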
The Agency for National Security, ANB, said on Friday that Russian services have organized coordinated cyber-attacks on Montenegrin government servers twice since 22 August 2022. The ANB told media that Montenegro is in what it called a hybrid war at the moment. “Coordinated Russian services are behind the cyber-attack. This kind of attack was carried out for the first time in Montenegro, and it has been prepared for a long period of time,” the ANB told media.
On 22 August, the government repo
They say, “Ya gotta Play, to Win.” Many state lotteries are now online through the Internet. But in New Hampshire, playing the lottery on the Internet could be hazardous. Clicking unknown pop-ups on the Internet is never a good idea, and it wasn’t in NH this past Friday either.
The New Hampshire Lottery website is back in service after the agency faced a cyber-attack on 26 August that attempted to trick users into clicking a pop-up and downloading malware. “The (cyber) attack resulted in the creati
‘AI cannot be an excuse’: What happens when Meta’s chatbot brands a college professor a terrorist? Chatbots can often be wrong. Is there any recourse?
Marietje Schaake has had a long and distinguished career. She has been an advisor to the US ambassador to the Netherlands and consulted with the Dutch Ministry of Foreign Affairs. For 10 years, she was a member of the European Parliament, crafting laws that covered hundreds of millions of people, focusing specifically on digital freedoms. Sh
Siemens Executive Summary: It is increasingly important to incorporate safety systems into vehicles. With advancements in vehicle electrification and autonomous vehicles (AV), the automotive industry is undergoing a transition that is safer and more environmentally friendly. This white paper discusses the transitions occurring in the automotive industry and what considerations for integrated safety system designs are relevant today or are expected to gain relevance in the coming years. The r
The Newcomer’s Guide to Cyber Threat Actor Naming (original article from 2018)
I was driven by a deep frustration when I started my public “APT Groups and Operations” spreadsheet in 2015. I couldn’t understand why I had to handle so many different names for the same threat actor. Today (2018), I understand the reasons for the different names and would like to explain to them so newcomers stop asking for standardization. Off the record: you just reveal a lack of insight by demanding complete st