All Articles (1163)

Sort by

10893599672?profile=RESIZE_400xWith women’s rights at issue, hackers have disrupted the works of Iran’s Fars news agency, one of the main sources of news disseminated by the state during protests over Mahsa Amini's death, the agency reported.  Iran has been shaken by numerous in country and international protests since Amini’s death while in custody on 16 September after her arrest for an alleged breach of the country's dress code for women.  Iran’s first protests focused on the state-mandated hijab, or headscarf, for women,

10891633057?profile=RESIZE_400xActivity Summary - Week Ending on 25 November 2022:

  • Red Sky Alliance identified 26,613 connections from new IP’s checking in with our Sinkholes
  • Contabo GmbH in Germany hit 100x
  • Analysts identified 769 new IP addresses participating in various Botnets
  • New RapperBot Campaign
  • Somnia Ransomware
  • New Inlock and Xorist Variants
  • Debugging .NET Malware
  • Iranian Drones
  • City of Westmount, Quebec hit
  • Nord Stream2 and AIS
  • Kiwi Attacks

Link to full report: IR-22-329-001_weekly329.pdf

10889556266?profile=RESIZE_400xThe SEC's new rule requires public companies to report material cybersecurity incidents within four business days after determining that an event has occurred.   Many organizations ignored the topic when discussions about cybersecurity came up, but as more businesses are victimized by hackers and experience effects that hit their bottom line in ways that require them to share the information with regulators.  But changes are coming to the rules of the Securities and Exchange Commission that will

10889539265?profile=RESIZE_180x180A China-based cyber actor group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019.   The threat actor, Fangxiao, is said to have registered over 42,000 imposter domains, with initial activity observed in 2017.  Fangxiao targets businesses in multiple verticals, including retail, banking, travel, and energy.  The offers promised financial or physical incentives are used to trick victims into further sprea

10890216501?profile=RESIZE_400xSwashbuckling pirates and sabotage on the high seas have gone digital.  Ransomware has replaced the cutlass.  In fact, the entirety of modern conflict has evolved into Fifth Generation Warfare with information and perception as its framework.  Often referred to as the "Gray Zone" or "hybrid warfare," the term encompasses cyberattacks, nonviolent economic pressure and disinformation campaigns.[1]

It’s the weaponization of anything.  The threat is massive and echoed by many.  Klaus Schwab, Founder

10889538276?profile=RESIZE_400xSecurity researchers are alerting about an ongoing supply chain attack that uses malicious Python packages to distribute an information stealer.  The attackers have been active since October 2022.  The attack was uncovered by investigators on 01 November 2022, with the attackers copying existing popular libraries and injecting a malicious ‘import’ statement into them. The purpose of the injected code is to infect the victim’s machine with a script that runs in the background. The script, which f

10889526673?profile=RESIZE_400xThe holidays are when people unknowingly let their guard down, and cybercriminals know it.  They take advantage of people at home who are in a good mood, excitedly awaiting packages that are gifts for family or friends; and they also know employee counts are low as the staff takes vacation time and someone not used to a certain role might be covering for another employee.  It is a holiday recipe for potential disaster.



10889453457?profile=RESIZE_400xRecorded Future has shared information regarding potential threats to the 2022 World Cup soccer matches set in Qatar.  Email-based phishing attacks targeting the Middle East doubled in October in the lead up to the World Cup in Qatar, according to new research from Trellix.  Many of the emails purport to come from the FIFA help desk or ticketing office while some impersonate specific team managers and departments.  Others claim to be notifications about bans implemented by FIFA, or spoof Snoonu,

10888599100?profile=RESIZE_400xThe US Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.  FBI, CISA, and HHS encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of ransomware incidents.  Victims of ransomware operations should report the incident to thei

10887944079?profile=RESIZE_400xAccording to cyber experts, threat groups are making nearly 1,000 attempts to hack account passwords every single second and they are more determined to succeed with the number of attacks increasing.  This analysis comes from Microsoft's Digital Defense Report 2022 and are based on research of trillions of alerts and signals collected from the company's worldwide ecosystem of products and services. 

The report cautions that cyber-attacks are increasing, with account passwords still very much the

10887081863?profile=RESIZE_400xThe ramifications from the 2017 NotPetya attack, which the US government said was caused by a Russian cyber-attack in Ukraine, continues to be felt worldwide as now cyber insurers are modifying coverage exclusions; that is - expanding the definition of these attacks as an "act of war."  This 5-year-old cyber-attack appears to be leading the insurance industry on its head.

Mondelez International, parent of such popular brands as Cadbury, Oreo, Ritz, and Triscuit, was hit hard by NotPetya, with fa



Red Sky Alliance regularly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with assoc

10879261686?profile=RESIZE_400xActivity Summary - Week Ending on 10 November 2022:

  • Red Sky Alliance identified 23,574 connections from new IP’s checking in with our Sinkholes
  • Timeweb[.]ru hit 251x – for the 2nd Week
  • Analysts identified 1,762 new IP addresses participating in various Botnets
  • Patching is Very Important
  • Microsoft Patch Tuesday
  • YouTube - You’re Not Helping
  • Vidar stealer
  • Stolen Data in Australia
  • Lloyd’s of London
  • School System Stands its Ground
  • Oil & Gas - ABBs

Link to full report: IR-22-313-001_weekly313.pdf

10872439077?profile=RESIZE_400xHundreds of regional and national news websites in the United States are delivering malware because of a supply chain attack involving one of their service providers. Cybersecurity researchers reported on 02 November 2022 that a threat actor it tracks as TA569 appears to be behind the attack.  The hackers have targeted an unnamed media company that serves many news outlets in the US.

The service provider delivers content to its partners via a JavaScript file.  The attacker modified the noted cod

10878390288?profile=RESIZE_400xImpending doom looked foreseeable with Elon Musk’s $44 billion acquisition of Twitter and began to show early on even before the billionaire completed his purchase.  From the daily tit-for-tat on his Twitter acquisition stance, it became apparent to some that that Musk’s indecisive nature foretold an ominous future for Twitter.  However, the actual chaos ensued just hours after Musk became the largest stakeholder in the bird app.  From his plan to grant a “blue tick” verification symbol to anyon

10879113465?profile=RESIZE_400xThe internet opened the door to a realm of possibilities that permanently changed the business and social landscape and our personal lives.  Most users are no longer restricted to dial-up; many of us now consider access to a stable internet connection as a critical aspect of our daily lives. We pay our bills online, check our bank statements, communicate via email, and maintain a presence on social media.  Many users rely on the web for work and entertainment, and seeking out information through

10872425495?profile=RESIZE_400xAccording to a new report published by cybersecurity firm Group-IB, a French-speaking cybercrime group may have stolen more than $30 million from banks and other types of organizations in the past years.  The threat actor has been named Opera1er. Some of its activities were previously investigated by others, who have named it Common Raven, Desktop-Group, and NXSMS.

The cyber threat investigators are aware of 30 successful attacks between 2019 and 2021. In many cases, the same victim was attacked

10873817894?profile=RESIZE_400xRobots are taking over the world.  According to Oxford Economics, there will be 14 million robots in China by 2030 and 20 million worldwide.  In the USA, robots will modify or replace 1.5 million job positions.  Labor shortages due to the COVID-19 pandemic encouraged both manufacturers and warehouse companies to partner with robotic companies to optimize human and robot collaboration.   We have already seen robots build robots, what is next?

Now enter the engineers from Google, they have unveile

10872418267?profile=RESIZE_400xThe US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are raising awareness of the potential threat posed by attempts to manipulate information or spread disinformation in the lead-up to and after the 2022 midterm elections.  Foreign actors may intensify efforts to influence the outcomes of the 2022 midterm elections by circulating or amplifying reports of real or alleged malicious cyber activity on election infrastructure.  Additionally, th

10865680887?profile=RESIZE_400xA recent cyber-attack caused the trains operated by Denmark’s largest train service DSB to come to a halt.  Threat actors hit a third-party IT service provider associated with DBS, which slammed the brakes on.  The cyber-attack hit the Danish company Supeo, an IT service that provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.  DSB is the largest train operating company in Denmark.[1]

“Trains throughout th