A Business Email Compromise (BEC) attack begins with a cybercriminal hacking and spoofing emails to impersonate your company’s supervisors, CEO, or vendors. Once in, they request a seemingly legitimate business payment. The email looks authentic and seems to come from a known authority figure, so the unsuspecting employee complies. These fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the US Federal B
Russian state-level hackers have been exploiting a vulnerability found in VMware products, including virtual workspaces, according to a cybersecurity advisory issued last week by the US-based National Security Agency.
The VMware vulnerability, tracked as CVE-2020-4006 and rated 7.2 on the Common Vulnerability Scoring System (CVSS), was disclosed and patched last week. According to the NSA advisory, threat actors are using the vulnerability t
As the COVID-19 virus marches on, many are seeing the light at the end of the tunnel. Each day brings us a little closer to the approval and distribution of COVID-19 vaccines in the US and UK, and close in many other countries. According to the US Health and Human Services (HHS) Secretary Alex M. Azar II, officials with Operation Warp Speed (OWS) report that 20 million doses of the COVID-19 vaccine could be distributed this month. “We are planning to be ready when [an emergency-use authorization by
The cybercriminal-controlled botnet known as TrickBot has become public enemy number one (again) for the cybersecurity community. It has survived takedown attempts by Microsoft, analysts from leading cybersecurity firms, and even US Cyber Command. It now appears that the hackers behind TrickBot are trying a new technique to reach the deepest recesses of infected machines, going beyond their operating systems and into their firmware.
The security firms AdvIntel and Eclypsium revealed that t
‘Hired Gun’ Hackers and the PowerPepper Backdoor
Kaspersky Labs announced the discovery of a new backdoor, loaded into Windows RAM, developed by Hackers for Hire (HfH). The backdoor is capable of remotely executing malicious code and stealing confidential information.
The malware is called PowerPepper and is linked to the DeathStalker (DS) cybercriminal group (previously called the Deceptikons). DS members have been targeting law firms and financial institutions in Europe and
- Red Sky Alliance observed 21 unique email accounts compromised with Keyloggers
- Analysts identified 23,342 connections from new unique IP addresses
- 1,814 new IP addresses were observed participating in various Botnets
- Red Sky Alliance now offers Code Repository and will present this index very soon
- BlackShadow targeting Israel
- Make sure your WiFi is safe
- A cybercriminal is currently selling hundreds of C-level executives' passwords
- Lowe’s Insider Threat – Busted
- Home Depot still has cyber issues
Ransomware was one of the most observed cyber threats this year to date. Ryuk and Sodinokibi, the most observed villains in Red Sky Alliance’s client investigations, have been joined by Maze as the top three ransomware variants so far in 2020. After launching several high-profile attacks earlier in 2020, the actors behind Ryuk ransomware seem to have gone on vacation near the end of Q2. According to cyber threat analysts, Crimeware and their developers often have periods where they go do
Ransomware attacks on enterprises of all sizes across industry sectors are on the rise. Cyber threat experts estimate that worldwide, ransomware is expected to infect a business every 11 seconds and is projected to cost over $20 billion in 2021. Any organization can be a victim, as a successful ransomware attack is within the reach of cybercriminals everywhere. As ransom demands have increased, organizations continue to pay these hefty sums.
The sophisticated threat actors have proven to be metic
cPanel and Web Host Manager (WHM) are two popular administrative tools for website administrators published by cPanel LLC. According to cPanel, over 70 million websites are deployed that use their software for administration. One of the security features of the software is two-factor authentication using a mobile application such as Google Authenticator, Microsoft Authenticator, or Duo. Recently, a flaw was discovered that allows attackers to guess the two-factor authentication token using a brut
“There is a strong need to balance the benefits of new technologies with safety and security concerns, in particular cyber-security,” Heike Deggim, director of maritime safety at the United Nations sponsored International Maritime Organization (IMO), told the International Safety@Sea webinar series organized by the Maritime & Port Authority of Singapore (MPA). “Many people tend to have a very outdated view of what modern shipping looks like. Modern ships are technologically advanced workplaces
The operators behind the Qbot banking Trojan are now deploying a recently uncovered ransomware variant called Egregor, according to researchers at Singapore-based cybersecurity firm Group-IB. Since September 2020, the Egregor ransomware variant has targeted companies in 16 countries. The crypto-locking malware has also developed a reputation for "big-game hunting" attacks, with the operators demanding $4 million or more from victims, according to the Group-IB analysis.
Ransomware gangs know t
Despite attempts to stop the criminal hacking group responsible for managing the Trickbot trojan, the group continues its malicious activities by introducing new versions that make this malware more difficult to terminate. Trickbot can now offer other malware Access-as-a-Service (AaaS) capabilities. Many cyber threat attacks start with a successful phishing campaign. This allows the Trickbot malware trojan to be used as a pathway for ransomware infections and Denial-of-Service Attacks (DDoS atta
Activity Summary - Week Ending 25 November 2020:
- Red Sky Alliance observed 106 unique email accounts compromised with Keyloggers
- Analysts identified 45,355 connections from new unique IP addresses
- Lir Ukraine Llc Compromised C2
- Hezbollah Threat Actors remain as the Top Hacking Group
- Lazarus is Targeting the Supply Chain
- Muhstik Botnet targeting Oracle
- Boom!Mobile – Still not Happy
- Everyone hang in there, add Oil
- To our US Friends – Happy Thanksgiving
Link to full report: IR-20-330-001-Tactical C
In the US, many people fear the Internal Revenue Service (IRS). When a US citizen receives any type of communication from the IRS, people take notice. The cyber bad guys know that too and send IRS phishing messages to unwitting US citizens. In addition to receiving scam voice mails and texts about your Social Security number being at risk, a “credible-looking” yet fake IRS email has been sent to tens of thousands of email inboxes across the US. The question of authenticity can be explained in
I am sure everyone reading this post has had a dream where you wake up laughing. You sit on the edge of your bed and think about what was so funny that made you laugh. Well, a recently identified Chinese hacking group called ‘FunnyDream’ (FD) ain’t so funny. In fact, FD has targeted over 200 government units in Southeast Asia since 2018 as part of an ongoing cyberespionage campaign, according to research from the security firm Bitdefender. The FunnyDream campaign, active since 2018, mai
The North Korean APT group known as Kimsuky, Black Banshee, Velvet Chollima and Thallium is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from CISA.
Kimsuky (Hidden Cobra or Lazarus) has been known since 2012, mainly targeting think tanks in South Korea, but more recently expanding operations to the United States, Europe, and Russia with the help of the regime in Pyongyang. Its mission is global intelligence gathering, CISA n
Activity Summary - Week Ending 20 November 2020:
- Red Sky Alliance identified 35,859 connections from new unique IP addresses
- Microsoft IP is a compromised C2
- APT 10 – Stone Panda back in the Top 5 Threat Actor Groups
- Capcom Hack - Part II
- Kucoin Exchange Hacked
- Kucoin-activity[.]com - Beware
- Cryptocurrency Challenges
- Plowshares going to Prison
- Black activists in Portland OR doing the Moonwalk
- Sodinokibi using BLM as Registry key
Link to full report: IR-20-325-001-Tactical Cyber Brief325_FINAL.
Brazil is known for its pristine beaches, nightlife, hot dancing, and of course - The Girl from Ipanema. A recently uncovered Brazilian banking Trojan targeting Android devices can spy on over 150 apps, including those of banks, cryptocurrency exchanges, and fintech firms, as a way to gather credentials and other data, according to an analysis by security firm Kaspersky. A Trojan is sometimes called a Trojan virus or a Trojan horse virus, but that is a contradiction. Viruses can execute and r
Remember the Dark Side comics? Well, the DarkSide criminal hacking group is no laughing matter. The DarkSide Ransomware gang claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. DarkSide is operated as a Ransomware-as-a-Service (RaaS) where developers control programming the ransomware software and payment site, and affiliates are recruited to hack businesses and encrypt their devices.
DarkSide is the latest ransomware criminal gang to anno
Distributed denial-of-service attacks target websites and online services. The aim is to overwhelm them with more traffic than the server or network can accommodate. The goal is to render the website or service inoperable. The traffic can consist of incoming messages, requests for connections, or fake packets. In some cases, the targeted victims are threatened with a DDoS attack or attacked at a low level.
DDoS attacks have not been in the spotlight this year, due to the onslaught of high dollar a