Several members of the US Congress called on the National Telecommunications and Information Administration (NTIA) on 21 September to do more to protect the privacy of domain registration information. US Senator Ron Wyden (D-Ore.) and US Representative Anna G. Eshoo (D-Calif.) led a group of lawmakers in criticizing the NTIA for not protecting the “highly sensitive” personal information used to register for .US domains. The records contain usernames, addresses, phone numbers and email addresse
Our September monthly Cyber Threats & Vulnerabilities Report is provided to our Red Sky Alliance Members to consolidate both prominent government and private cyber security reporting which include descriptions (TTPs), indicators of compromise (IoCs) and at times remediation directions.
Link to full report: IR-22-268-001_IntelSummary268.pdf
Activity Summary - Week Ending on 23 September 2022:
- Red Sky Alliance identified 24,982 connections from new IPs checking in with our Sinkholes
- Amazon Technologies Inc hit 138x
- Analysts identified 1,144 new IP addresses participating in various Botnets
- Shikitega Malware
- Adobe InDesign
- Ragnar
- RedLine Stealer
- Uber Hack
- Bosnia and Herzegovina
- Republika Srpska
Link to full report: IR-22-267-001_weekly267.pdf
Our Friends at Fortinet have provided its latest technical analysis of the Ragnar Locker ransomware.
Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Encrypts files on the compromised machine and demands ransom for file decryption
Severity level: High
Ragnar Locker is ransomware for Windows and Linux that exfiltrates information from a compromised machine, encrypts files using the Salsa20 encry
According to a recent report, cyber threat intelligence professionals believe they could not find private data leaked from their organizations on the dark web. While most security professionals in US organizations are concerned about threats from the dark web, a large portion still do not take risks from the criminal underground seriously. A recent survey shows that a third of people responsible for managing cyber vulnerabilities in their day-to-day work say they are not very concerned about threats
When Belarusian activist Yuliana Shemetovets was offered a job as the spokesperson of the Belarusian Cyber Partisans hacktivist group, she didn’t rush to accept it. “To be honest, I was scared,” she said. She had reasons to be. Belarus is an authoritarian state in which elections are openly rigged and civil liberties are severely restricted. The country is ruled by dictator Alexander Lukashenko, who has resorted to repression and corruption to stay in power for more than 30 years.
Belarusian Cy
So, I just got back from a trip to Georgia, the one in the US. I used Uber three times. Convenient, clean, hassle-free and the drivers were very nice. An over-all great experience. Until… Uber has reported this past weekend it is investigating a major cyber security breach that has forced it to take several critical systems offline following an alleged social engineering attack on an employee by an apparent teenage hacktivist.
The incident was exposed last week on 15 September, when an indiv
Ransomware is currently one of the most significant cybersecurity issues facing all business and government sectors, as cyber criminals hack into businesses, schools, hospitals, critical infrastructure and more so as to encrypt files and demand a ransom payment for the decryption key. Despite warnings, many victims pay these ransoms, under the impression that it is the quickest way to restore their network, particularly if the cyber criminals are also threatening to leak stolen data. But all t
Activity Summary - Week Ending on 16 September 2022:
- Red Sky Alliance identified 46,287 connections from new IPs checking in with our Sinkholes
- hetzner[.]de in Finland hit 28x
- Analysts identified 3,147 new IP addresses participating in various Botnets
- Nomad Crypto
- EvilProxy
- Albania
- US – New York
- Kiwi Farms
- Russia
- Industrial Espionage
Link to full report: IR-22-259-001_weekly259.pdf
Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc
The continued use of threat intelligence to combat nation-state espionage is an important practice for cybersecurity teams. However, outside of common types of fraud seen on the dark web or closed forums, the same threat intelligence often is not leveraged to combat enterprise fraud. Prevention is the key to protecting your organization from cyber breaches. An effective defense uses all of the tools available to keep a breach from occurring in the first place.
According to Sun-Tzu, a 4th-cen
The Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. This new dropper does not rely on Accessibility permissions to automatically install the dropper Sharkbot malware. This new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.
See: https://redskyalliance.org/xindustry/don-t-get-bitten-by-sharkbot
The apps in question, Mister Phone
Cyber threats are an all too common danger for companies in all critical infrastructure sectors. Historically, the threat of cyber-attack was thought to be largest against financial institutions, retail chains, and the medical sector. However, as manufacturing has become more reliant on data and technology, the threat of cyber-attacks on the industry has grown. This is especially true for critical manufacturing, like aviation and the defense industrial base (DIB), but it is true for any manufacturing.
Palo Alto Networks’ Unit 42 researchers have reported the emergence of a new Mirai botnet variant called MooBot. This variant is looking for unpatched D-Link devices to create its army of DDoS (distributed denial of service) bots. To compromise vulnerable D-Link routers, MooBot uses multiple exploits.
Re-Emergence of Notorious MooBot: The MooBot botnet was first discovered by Qihoo 360’s Netlab in Sep 2019, whereas the most recent wave of attacks involving MooBot, before the one detected b
Activity Summary - Week Ending on 9 September 2022:
- Red Sky Alliance identified 22,128 connections from new IPs checking in with our Sinkholes
- storeiq[.]eu in Poland hit 24x
- Analysts identified 2,085 new IP addresses participating in various Botnets
- Samsung Hack
- Samsung’s Rebuttal
- SharkBot
- 3rd Party Vulnerabilities
- AI Lessons
- Eni in Italy
- US – LA School District Hit
Link to full report: IR-22-252-001_weekly252.pdf
A malicious campaign mounted by the North Korea-linked Lazarus Group targets energy providers worldwide, including those based in the United States, Canada, and Japan.
The campaign is meant to infiltrate organizations worldwide to establish long-term access and subsequently exfiltrate data of interest to the adversary's nation-state, according to investigators. Some elements of the espionage attacks have already been reported in the media.
The US National Security Agency’s No. 2 official said on 7 September that the US still outpaces foreign adversaries when it comes to cybersecurity and technology thanks to the country’s “open society.” The US and its democratic allies “enjoy things that cannot be replicated easily in autocratic societies,” the NSA’s deputy director said during the Billington Cybersecurity Summit in Washington, DC.[1]
“The grist of that is innovation. Innovation sparks creativity and solutions. That puts us
A new Phishing-as-a-Service (PhaaS) named EvilProxy (also known as Moloch) was seen for sale in dark web forums, according to researchers. Moloch ransomware is a computer virus infection that encrypts all personal victim files on an affected device and demands a ransom for unlocking them. This file-locking parasite belongs to a relatively small Makop ransomware family compared to others, such as Djvu or Dharma.
EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA
Artificial intelligence (AI) can be trained to recognize whether a tissue image contains a tumor. However, exactly how it makes its decision has remained a mystery until now. A team from the Research Center for Protein Diagnostics (PRODI) at Ruhr-Universität Bochum is developing a new approach that will render an AI’s decision transparent and thus trustworthy. The researchers describe the approach in their journal Medical Image Analysis.[1]
For the study, experts from the Ruhr-Universität’s S
This joint CISA Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about