A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs." More_eggs is a backdoor Trojan utilized by the infamous cybercriminal Cobalt Group and other criminal gangs to attack corporations and regular users. It is written in the JavaScript programming language. To increase the odds
One of the largest insurance firms in the US, CNA Financial, was reportedly hit by a “sophisticated cybersecurity attack” on 21 March 2021. The cyber-attack disrupted the company’s employee and customer services for three days as the company shut down “out of an abundance of caution” to prevent further compromise.
Founded in 1967, the Loews Corp subsidiary is among the top 10 cyber insurance companies and the leading 15 casualty and property insurers in the US. It employs about 5,800 workers and
US Lawmakers and security experts have expressed disappointment that US President Joe Biden’s $2.25 trillion infrastructure plan does not include funding to protect vital facilities against the growing threat of cyberattacks. This infrastructure package failed to provide money to defend critical systems, such as the US power grid, against hackers, according to media sources last week. “Any critical infrastructure modernization must take cybersecurity into account from the start,” said the OT d
Activity Summary - Week Ending 2 April 2021:
- Red Sky Alliance identified 34,034 connections from new unique IP addresses
- Analysts identified 3,876 new IP addresses participating in various Botnets
- 20 new unique email accounts compromised with Keyloggers were observed this week
- Soccer player’s name Berat Can Sonmez is being used to lure victims
- EggShell Malware
- New US-IRS Phishing Campaign
- WordPress Vulnerabilities
- ClearURL and Google
- Honeywell and Molson Coors Attacked
- Manufacturing IT & OT
- Cyb
With the recent shipping stoppage in the Suez Canal, the transportation vulnerabilities in areas of constricted passages became very apparent. Preliminary reports indicate mechanical and weather errors caused the grounding; or did they? Engine failure and heavy weather have both been cited as reasons behind merchant vessel (M/V) Ever Given’s grounding in the Suez Canal. But neither is convincing and plain old navigation errors (humans) may be at the root of the casualty, report Lloyd's of L
Many countries are investing seriously in their 5G network, especially in Asia – China leading the way. But beware: more connectivity through 5G networks also comes with increased cybersecurity threats. As new technology links both the physical (OT) and virtual world (IT), 5G security risks will have wide security impacts. To overcome these security challenges, researchers need to build security regimes that protect not only 5G infrastructure and services, but the applications and IoT device
After recently announcing the end of the operation, the administrator of Ziggy ransomware is now pledging to give their ransom-generated money back. BleepingComputer says that it appears that this is a planned move since the admin shared the "good news" a little over a week ago but gave no details. Ziggy ransomware ceased operations in early February. In a brief announcement, the administrator of the operation said that they were “sad” about what they did and that they “decided to publish all
A US Congressional Representative from the State of Washington recently reintroduced a bill that would create a nation-wide data privacy standard, to be enforced by the Federal Trade Commission (FTC), that in its latest version is intended to gather bipartisan support by addressing specific Republican concerns. The Information Transparency and Personal Data Control Act, if passed, would replace a patchwork of current state laws and provide an influx of $350 million to the FTC’s budget to enforc
The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations. The REvil ransomware threat group is on a cyberattack tear, claiming over the past three weeks to have infected ten organizations across Africa, Europe, Mexico and the US. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an agricultural co-op, all located in the US; as well as two large international banks (one in Mexico and
Activity Summary - Week Ending 26 March 2021:
- Red Sky Alliance identified 26,343 connections from new unique IP addresses
- Analysts identified 2,393 new IP addresses participating in various Botnets
- 47 new unique email accounts compromised with Keyloggers were observed
- Go Daddy-East is Compromised
- Netbounce
- Clast82 Android Malware
- Google & WebView
- XcodeSpy
- Clubhouse app
- SkyGlobal
- WeChat hits
Link to full report: IR-21-085-001_weekly_085.pdf
Finally, you both deserve and have earned that vacation trip to the Bahamas. “I have loads of frequent flyer miles I can use and get there on the cheap.” Or so you thought. The cyberattack on SITA, a commonly used airline service provider, has compromised frequent-flyer data across many airline carriers. SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry. The company provides its services to around 400 members and 2,8
Recently, IBM X-Force threat intelligence has been observing a rise in Dridex banking Trojan-related network attacks that are being driven by the Cutwail botnet, also known as the Pushdo or Pandex botnet. Machines in the Cutwail botnet are originally infected by the Cutwail Trojan, malware able to download and execute files. Cutwail is a famous spam bot widely used in large-scale spam campaigns. It also serves as a DDoS botnet sending SSL attacks. Dridex is delivered as a second-stage infector after an initial docum
Active since 2018, the actors behind Mespinoza ransomware, also known as the Protect Your Systems Amigo (PYSA) group, are opportunistic attackers looking to earn a profit. It is unclear where these threat actors are based, but unlike many of the other ransomware groups, PYSA actors are indiscriminate in their targeting of educational institutions, healthcare facilities, foster care, and more. The group has joined the growing trend of leaking data that has been stolen during a ransomware attack
I am not writing about Nim, the mathematical game of strategy, but I am concerned about another “Nim” and you do not want to lose this game. Cybersecurity researchers have unwrapped an "interesting email campaign" undertaken by a threat actor that has taken to distributing a new malware written in Nim programming language. Recently named "NimzaLoader" by Proofpoint researchers, the development marks one of the rare instances of Nim malware discovered in the threat landscape. "Malware developer
It is difficult to stop supply chain attacks if partner accounts are compromised. What can you do when these attacks are indistinguishable from insider threats? The current rash of financial fraud and supply chain attacks exploits a seemingly unsolvable vulnerability in your security strategy. Attackers exploit the fact that you must communicate with outside partners and vendors to thrive as a company or an institution.
As you interact with partners, the door to exploitation opens, specifically
Singapore is testing unmanned surface vessels with a locally developed, AI-driven navigation algorithm that could be used for maritime security operations in the congested but strategically important waters around the southeast Asian island nation. Upon completion, the Republic of Singapore Navy is expected to then field four USVs in the role. The country’s defense ministry said this will add another layer of surveillance and operational response for its maritime borders.
The ministry added tha
Digitalization in the maritime sector remains a double-edged sword, because while technology and digital tools support the supply chain significantly, these same tools have opened new vulnerabilities. Competition in the digital arena is the reflex response from the shipping sector designed to compete at every level. The industry, however, must relearn its reactions to develop a collaborative mind-set when developing cyber systems, particularly where cybersecurity is concerned.[1]
Increased con
Physical security concepts and practices have been around for centuries. Cyber security, not so long. We all are painfully more aware than ever of the need for strong cybersecurity. Network security should be in most business systems, yet the Internet of Things (IoT) has opened the realm of malicious cyber-attacks to a height unseen in recent times. IoT in any open space creates the potential for various cyber-attacks that can disrupt system operation and negatively impact a customer’s busine
The US Department of Justice (DOJ) continues to warn that cyber-criminals are impersonating state workforce agencies (SWAs) to steal Americans' personal data. In a press release issued 5 March 2021, DOJ reported it had received reports that bad cyber actors are creating fake websites that mimic sites genuinely belonging to SWAs. "The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and oth
Activity Summary - Week Ending 19 March 2021:
- Pharmacie Midombo in Benin has some Problems
- Cuck, a Movie title, or a Dangerous Lure
- Analysts identified 26,343 connections from new unique IP addresses checking into our Sinkholes
- Red Sky Alliance observed 17 new unique email accounts compromised with Keyloggers
- Analysts identified 2,157 new IP addresses participating in various Botnets
- DearCry Ransomware
- GoldMax, GoldFinder, and Sibot
- PYSA Ransomware attacking Education
- Düsseldorf University Hosp