The UN Security Council’s (UNSC) most recent Arria-formula meeting on a cyber-related topic took place on 4 April 2024. Organized by the Republic of Korea (ROK) and co-hosted by Japan and the United States (US) the session focused on the “Evolving Cyber Threat Landscape and Its Implications for The Maintenance of International Peace And Security.” The informal meeting included interventions from more than 30 delegations preceded by technical briefings from Deputy to the High Representative for
All Articles (1926)
Sort by
Palo Alto Networks has released fixes for a zero-day vulnerability affecting its GlobalProtect VPN product that is being targeted following its disclosure last week. Hotfixes for the vulnerability labeled: CVE-2024-3400, were recently published, as promised in an urgent notice about the bug on 12 April. The zero-day carries the highest severity score possible of 10.[1]
Security company Volexity, which Palo Alto credited with discovering the bug, said it “is highly likely” the attacker behind t
The Sysdig Threat Research Team (Sysdig TRT) recently discovered a long-running botnet operated by a Romanian threat actor group, which we call RUBYCARP. Evidence suggests that this threat actor has been active for at least 10 years. Its primary method of operation leverages a botnet deployed using a variety of public exploits and brute force attacks. This group communicates via public and private IRC networks, develops cyber weapons and targeting data, and uses its botnet for financial gain
Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments. Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated
Hundreds of musicians have joined with the Artist Rights Alliance (ARA) to condemn the excessive use of Artificial Intelligence (AI) in the music industry. As well as they should. In an open letter organized by campaign group the Artists' Rights Alliance, AI will "infringe upon our rights and devalue the rights of human artists" if used irresponsibly. American singer Billie Eilish, Katy Perry, Elvis Costello, and UK star Engelbert Humperdinck are among 200 artists calling for the "predatory"
Some smart locks controlled by Chirp Systems' software can be remotely unlocked by strangers thanks to a critical security vulnerability. This remote exploitation is possible due to passwords and private keys being hard-coded in Chirp's Android app. Anyone who knows or finds these credentials can use them with an API maintained by smart lock supplier August to remotely open someone's Chirp-powered lock and thus unlock whatever door it is supposed to be protecting. Chirp has claimed its system
As if things were not messy enough in the Change Healthcare attack, a second cybercriminal gang RansomHub is trying to exhort the company's parent, UnitedHealth Group, and have it pay another ransom for data that an affiliate of Ransomware-as-a-Service group BlackCat claims to have stolen in February 2024. Threat intelligence firm SOCRadar in a recent blog post said RansomHub is threatening to sell "to the highest bidder" 4 terabytes of "highly sensitive data" stolen in the Change Healthcare a
Have you noticed that the latest cyberattacks are threatening the very existence of many smaller medical clinics and their doctor's ability to deliver care? The recent cyberattack that took offline the largest US billing and electronic payment system operated by Change Healthcare (https://www.changehealthcare.com), a significant division of UnitedHealth Group, is only the latest, but maybe the current great example.
See: https://redskyalliance.org/redshorts2023/15-healthcare-cyber-security
The
Adobe is recruiting help from its network of photographers and videographers to train its new AI text-to-video generator, but is the company paying enough? To catch up with other AI video generators like Google's Lumiere and OpenAI's Sora, Adobe is purchasing videos that show people engaging in everyday activities like walking, running, using a cell phone, and working out, and other videos showing emotions like sadness, excitement, or rage. Adobe also requests simple videos of human anatomy l
Businesses are constantly seeking new ways to gain a competitive edge and drive growth. However, amid the vast volumes of data generated daily, there lies a hidden treasure trove of information often overlooked - dark data. According to Gartner, dark data refers to the wealth of information assets that organizations collect, process, and store during regular business activities but fail to utilize effectively.
One needs to understand the untapped potential of dark data and the transformative
Despite the LockBit Ransomware-as-a-Service (RaaS) gang claiming to be back after a high-profile takedown in mid-February 2024, an analysis reveals significant, ongoing disruption to the group's activities, along with ripple effects throughout the cybercrime underground, with implications for business risk. LockBit was responsible for 25% to 33% of all ransomware attacks in 2023, according to investigators, easily making it the biggest financial threat actor group of the last year. Since it eme
Today is Tax Day in the US, April 15th. A reminder to get your taxes filed, or at this point, ask for an extension. And a warning to be mindful of other US government agencies being targeted. A recent study reports that cyber warfare is increasingly likely to target federal services that help everyday residents meet their basic needs.
The report, which is authored by researchers from the Center for Strategic and International Studies, points out that traditionally, cyber defense has focused
The UK's competition watchdog sniffed around the AI industry with a bit more interest than usual on 11 April at an antitrust event in the US. Speaking at the 72nd Antitrust Law Spring Meeting in Washington DC, Sarah Cardell, CEO of the UK Competition and Markets Authority, discussed "growing concerns" that the web of connected partnerships between AI technology companies may hinder competition. "I think it’s fair to say that when we started this work, we were curious," said Cardell. "Now, wit
Match Systems, a leading authority in crypto crimes investigations and crypto AML solutions provider, has published a comprehensive analytical report examining the potential implications of Central Bank Digital Currency (CBDC) implementation.
In a landscape where the debate between cryptocurrency proponents and CBDC advocates intensifies, Kutin’s report offers a balanced perspective on the advantages and drawbacks of transitioning to a digital currency framework. The report delves into the nuan
The term "malvertising" (or "malicious advertising") suggests an overlap with ads, and not good ones. Therefore, it fuels the fallacy that its impact hardly goes beyond frustration. As a result, those who are unfamiliar might get the impression that it is no big deal, but this is a far cry from the case.
Malvertising acts as a vessel for malware propagation. To set such a stratagem in motion, cybercriminals poison legitimate websites with ads that lead to shady URLs or download malicious code c
Chinese-language Phishing-as-a-Service platform ‘darcula’ targets organizations in 100+ countries with sophisticated techniques using more than 20,000 phishing domains. ‘Darcula’ [sic] is a new, sophisticated Phishing-as-a-Service (PhaaS) platform used on more than 20,000 phishing domains that provide cyber criminals with easy access to branded phishing campaigns. Rather than the more typical PHP, the platform uses many tools that high-tech startups employ, including JavaScript, React, Docker,
Generative AI (GenAI) technologies have introduced a new era of innovation, offering organizations unprecedented capabilities to create, automate, and optimize. With these advancements come complex challenges surrounding intellectual property (IP) management. In a post-ChatGPT world, businesses find themselves at a crossroads, needing to adapt their IP strategies to safeguard their assets effectively.
See: https://redskyalliance.org/xindustry/chatgpt-review
GenAI technologies possess the dual
In 2023, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files. It offers several options to manipulate malware, making it more challenging for antivirus products to detect. Analysts recently discovered a threat actor distributing a phishing email containing malicious Scalable Vector Graphics (SVG) f
With supply chain attacks on the rise, and nation-state attackers constantly looking for new ways to disrupt national security and economic stability, one of the most vulnerable areas is the security around our maritime operations. The current US administration's recent Executive Order to fortify the cybersecurity of US ports underscores this concern, spotlighting the urgency of addressing vulnerabilities in a sector that drives over $5.4 trillion in economic activity annually. This initiative
AI might not be coming for all jobs, but it might be coming for some. UPS’s https://www.ups.com largest layoff in its 116-year history was the result of, in part, new technologies, including AI, CEO Carol Tomé said during an earnings call in February 2024. Meanwhile, IBM plans to pause hiring for roles it thinks could soon be automated by AI, CEO Arvind Krishna told Bloomberg in 2023.
Workers are not optimistic about the future. In a recent survey from McKinsey, 25% of business professional
