All Articles (609)

Sort by

9333480298?profile=RESIZE_400xA data lake is an unstructured repository of data that allows for the storage of different data types from different sources.  Depending on the requirements, a typical organization will require both a data warehouse and a data lake as they serve different needs and use cases.  A data warehouse is a database optimized to analyze relational data coming from transactional systems and lines of business applications.  The data structure and schema are defined in advance to optimize for fast SQL queri

9331924088?profile=RESIZE_400xActivity Summary - Week Ending 30 July 2021:

  • Red Sky Alliance identified 29,998 connections from new unique IP addresses
  • Analysts identified 7,608 new IP addresses participating in various Botnets
  • Do you used Cucurut on YouTube?
  • ‘dmechant’ Malware - Still on the Radar
  • Candiru’s Spyware
  • Google Chrome Security update
  • DNS Cache Poisoning
  • RedLine Malware and the Olympics
  • Israel and Japan working to Protect the Olympics
  • IceFog at the Summer Olympics?
  • BlackMatter group

Link to full report: IR-21-211

9328211474?profile=RESIZE_400xEarlier this month, the infamous hacking group LulzSec’s founder issued a stern warning to the US.  If 2020 was coined The Year of the Digital Pandemic, then 2021 has still not discovered any digital vaccines.  Cyber-attacks have grown rapidly over the past year, and are showing no indications of slowing down.  One ‘former’ Black Hat hacker expressed his growing concern at the lack of preparedness the United States has shown.

The US government has been attacked by several world superpowers durin

9325603291?profile=RESIZE_192XThere appears to be continuing data breach campaign inside the THORChain’s security system. THORChain is a cross-chain DeFi protocol that was hacked last week for the first time and suffered a loss of $8.3 million.  Now it has been hacked again, and this time, attackers allegedly managed to steal $8 million worth of cryptocurrency Ether.

According to THORChain, the decentralized e-commerce exchange has become a victim of a sophisticated attack on its ETH router.  THORChain posted to Twitter to a

9318796279?profile=RESIZE_400xRed Sky Alliance has been monitoring a global phishing campaign which leverages the Ex-Robotos phishing kit to gain access to usernames and passwords of targeted victims. This specific attacker generally targets engineering organizations but has been seen targeting other industries as well. They have been sending out emails since May of 2021, though the tool has been publicly available for purchase since 1 July 20191. Phishing plays a major role in cyber-attacks and often leads to data breaches

9315119659?profile=RESIZE_400xRecently, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered.

Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiati

9313833695?profile=RESIZE_400xThere’s an old saying in the American West: “Whiskey is for drinking; water is for fighting.”  Back in March, Red Sky Alliance presented facts surrounding the Oldsmar, Florida water treatment cyber-attack.  Well, this critical infrastructure in the US remains a target to cyber-criminals.

The idea that access to water, especially the clean, drinkable kind, is something that is worth fighting for is nothing new.  But cyber security was never a real factor in water safety.   Recent incidents have e

9310314865?profile=RESIZE_400xAlmost 2 years ago (09-2019), Red Sky Alliance reported on the negative ramifications of TikTok: “TikTok is a popular social media app for sharing short user-created video clips.  TikTok is a youth-oriented app that is used primarily by those in the 16-24 age demographic.  TikTok is hugely popular with about 500 million monthly users worldwide and more than 26 million users in the United States.  The problem is that TikTok is a Chinese social media app, developed in China by a young engineer nam

9303968686?profile=RESIZE_400xLast October, the information technology (IT) department at the University of Vermont Medical Center (UVM) began receiving reports of malfunctioning computer systems across its network.  Employees reported they were having trouble logging into business and clinical applications.  Some reported the systems were not working at all. Within a few hours, the IT department began to suspect the hospital was experiencing a cyberattack.   At that time, the possibility was very much a reality to the IT te

9302081078?profile=RESIZE_400xActivity Summary - Week Ending 23 July 2021:

  • Red Sky Alliance identified 19,903 connections from new unique IP addresses
  • Top observed Attacker Server (C2): Alexey[.]rybalov@yandex.ru & taleq[.]simeon888@mail.com
  • Analysts identified 2,670 new IP addresses participating in various Botnets
  • DLL Side-Loading Technique
  • dmerchant
  • WildPressure
  • China keeps pulling Triggers
  • Russia Cyber-Attacks
  • Saudi Aramco Hit with Ransomware
  • Cell Phones and Spying
  • Norway blaming China for March cyber-attack
  • What will b

9297250058?profile=RESIZE_400xIn the past several weeks, South Africa has experience violent riots in response to the arrest of its former president.[1]  The unrest is having serious repercussions for the country's mining sector. The outbursts, located in the province of KwaZulu Natal, are hampering the activity of local mines, but also that of Durban and Richards Bay port terminals.  On 22 July, a cyber-​​attack has directly disrupted the operation of South Africa’s busiest container terminal.  It’s the largest on the Afric

9297005663?profile=RESIZE_400xCybersecurity professionals, including the US expert team at the Cybersecurity and Infrastructure Security Agency (CISA), often focus on promoting best practices: the necessary steps that organizations must take to secure their enterprises. It is equally important for organizations to focus on stopping bad practices.

High-risk and dangerous technology practices are often accepted because of competing priorities, lack of incentives, or resource limitations that preclude sound risk management deci

9296918455?profile=RESIZE_400xA password, sometimes called a passcode, is secret data and is typically a string of characters, usually used to confirm a user's identity.  Traditionally, passwords were expected to be memorized, but due to the large number of password-protected services that a typical individual accesses, this can make memorization of unique passwords for each service (nearly) impractical.

Using the terminology of the US-based NIST Digital Identity Guidelines, the secret is held by a party called the claimant

9289110685?profile=RESIZE_400xPalo Alto Networks, Unit 42 has provided great research on the Mespinoza criminal cyber group.  As cyber extortion flourishes, ransomware gangs are constantly changing tactics and business models to increase the chances that victims will pay increasingly large ransoms.  As these criminal organizations become more sophisticated, they are increasingly taking on the appearance of professional enterprises.  One good example is Mespinoza ransomware, which is run by a prolific group with a penchant fo

9280948300?profile=RESIZE_400xThe National Security Agency, the FBI and other agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Microsoft Office 365 and other cloud-based services, according to an alert published Thursday.  The campaign, which started in 2019, has targeted "hundreds" of businesses, government agencies and organizations worldwide, mainly in the U.S. and Europe, the NSA reports. The victims include several U.S. Department of Defense unit

9278913070?profile=RESIZE_400xCOVID-19 has changed many companies’ hybrid work force procedures, but with vaccines reaching new heights, many workers are returning to their offices.  As the US opens back up and employees get back in the offices, violence and physical threats to businesses are being seen at an unsettling, record-high pace, according to the Ontic Center for Protective Intelligence.

The study showcases the collective perspectives of physical security directors, physical security decision-makers, chief security

9272802297?profile=RESIZE_400xHackers have recently tampered with critical infrastructure entities in the US.  This includes the Colonial Pipeline incident that affected the supply of gas and the JBS Foods hack that affected operations of the meat-packing giant.  Neither of these ransomware attacks had any severe, real-world consequences.  Some people could not put gas in their cars for a few days, or the price of meat might have gone up in some areas, but no lives were immediately threatened.

But what if the hackers decided

9272722667?profile=RESIZE_400xData management has bothered large companies for decades.  Almost all firms spend both time and money on it and still find the results unsatisfactory.  While the issue does not appear to be growing worse, resolving it is increasingly urgent as managers and companies strive to become more data-driven, leverage advanced analytics and artificial intelligence, and compete with data.

Most companies struggle with a few common but significant data management issues:

  • First, companies have concentrated

9271222487?profile=RESIZE_400xA recent cyber security blog by researcher Maahnoor Siddiqui, he provides a clear picture of the threats and vulnerabilities in the Transportation supply chain.  A concern shared by Red Sky Alliance.  Our 40-minute commute to work in the morning can feel like an insular event.  Whether it is by bus, train, ferry, or car; it can be hard to place this single event within the vast network of transit that occurs every day.  These small personal journeys make up a highly interconnected transportation

9259840279?profile=RESIZE_400xDie Zahl der registrierten Cyberkriminalität steigt im deutschen Cyberspace weiter an, wobei sich Cyberkriminelle zunehmend auf "größere Beute" konzentrieren.  Die Zahl der DDoS-Attacken nimmt weiter zu, ebenso deren Intensität.  Die Täter sind global vernetzt und agieren mit zunehmender Geschicklichkeit und Professionalität.  Die Dark-Web-Underground-Economy wächst und stellt eine kriminelle, globale Parallelökonomie dar, die primär auf finanziellen Profit aus ist.  Haupttreiber des Profits ist