All Articles (1933)

Cybersecurity researchers have identified 116 malicious packages on the Python Package Index (PyPI) repository designed to infect Windows and Linux systems with a custom backdoor. Sometimes, the final payload is a variant of the infamous W4SP Stealer, a simple clipboard monitor to steal cryptocurrency, or both, noted investigators.

The packages are estimated to have been downloaded over 10,000 times since May 2023.  The threat actors behind the activity have been observed using three techniques

BlackCat/ALPHV ransomware leaders claim they have restarted operations on the group's primary blog, despite the Department of Justice claim that it gained control of the site. Further, in retaliation for the law enforcement actions against the gang, they announced they have dropped a previous ban on cyberattacks against critical infrastructure.  BlackCat also claimed that, beyond "Unseizing" the sites, the decryption key being offered by the FBI is outdated and from an older blog, according to a

https://youtu.be/8QL0l7hcHgc A laser communications experiment flying aboard NASA’s Psyche mission has beamed back a video to Earth from nearly 19 million miles (31 million kilometers) away and the short clip stars a cat named Taters.  It is the first time NASA has streamed a video from deep space using a laser.  In the ultra-high definition video, the playful orange tabby cat chases, of all things, the elusive red dot from a laser pointer as it moves across a couch.  The cat video was transmitt

Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been downloaded over 12 million times.  Despite their attractive appearance, these services are designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and financial information to blackmail them and ultimately gain their funds.

The cybersecurity investigators are tracking these apps under Sp

Spokesmen from Microsoft https://www.microsoft.com are warning of an increase in malicious activity from an emerging threat cluster it is tracking as Storm-0539 for directing gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season.  The goal of the attacks is to propagate booby-trapped links that direct victims to Adversary-in-the-Middle (AiTM) phishing pages that can harvest their credentials and session tokens

A known ransomware group claims to have breached the systems of Kraft Heinz, but the food company says it cannot verify the cybercriminals’ allegations.  The ransomware group named Snatch publicly named Kraft Heinz on its website on 14 December 2023, but the post appears to have been created on 16 August 2023, which indicates that the attack occurred months ago.

See:  https://redskyalliance.org/xindustry/snatch-ransomware

Snatch ransomware first appeared in 2018 and was formerly called Team Trun

Double-Extortion ransomware is a type of cyberattack in which the threat actors exfiltrate a victim’s sensitive data in addition to encrypting it, giving the attacker additional leverage to collect ransom payments.  A typical ransomware attack will only encrypt the target’s data.  The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the US.  "Play ransomware ac

Each month, Red Sky Alliance queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

In the face of unrelenting pressure from significant cyber incidents and regulatory action to mitigate them, enterprises are assessing whether they are doing enough to deal with cybersecurity.  Public companies are evaluating responses to new SEC rules calling for disclosures regarding cybersecurity strategy, risk management, and governance practices.  The SEC’s action against SolarWinds is setting off alarm bells throughout the cybersecurity community, causing CISOs to worry about personal lia

Meta recently released a new standalone AI image generator.  The tech is based on its Emu image synthesis and the way it all works might surprise you.  Consider this with Meta AI already built into the Meta apps like Messenger and Instagram.  It is now available in a browser window and is quite impressive.  The only catch is that users are the ones supplying the source images.[1]

Meta scrapes all of our social media feeds to the tune of about one billion images, according to Ars Technica.  The A

A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its Command-and-Control (C2) network.   Microsoft investigators, who made the discovery, described it as a low-volume campaign that began on 11 December 2023 and targeted the hospitality industry.   "Targets received a PDF from a user masquerading as an IRS employee," the investigators posted in a series of posts

The DNA testing company 23andMe was served with a class action lawsuit in California after cyber thieves gained access to personal data for at least a million clients. The lawsuit claims the popular DNA company “intentionally, willfully, recklessly, or negligently” failed to implement adequate safety measures to protect its customers whose birth year, location and ancestry trees were exposed during the attack.  “On no later than 6 October 2023, unauthorized third-party cybercriminals gained acce

An Israeli-linked hacker group claims to have carried out a major cyber-attack on Iranian petrol stations, knocking 70% of them offline on 18 December.  Predatory Sparrow, or “Gonjeshke Darande” in Persian, said it launched the “controlled” attack in response to “aggression” by the Islamic Republic and its proxies in the region.  “This cyber attack was carried out in a controlled manner to avoid potential damage to emergency services,” the group said.

Addressing Iran’s Ayatollah Ali Khamenei, th

Cisco's Talos security researchers report that the North Korea-linked hacking group Lazarus has been observed deploying Dlang malware in attacks against organizations in the manufacturing, agriculture, and physical security sectors.   Released in 2001, Dlang, or simply D, is a multi-paradigm system programming language built upon the idea of C++ but drawing inspiration from C#, Eiffel, Java, Python, Ruby, and other high-level languages.  Dlang is considered an uncommon programming language for m

At its most basic, the term “auto fill” refers to a feature or set of features that enables users to insert previously entered information into web pages.  Depending on the specific application being used, this can be any sort of information, from names and addresses all the way up to information that needs more protection, such as credit card numbers and username/password combinations.

On Android devices, it is often the case that an application will display a login form by using what’s cal

Microsoft’s spokesman announced on 13 December 2023 the disruption of Storm-1152, a Cybercrime-as-a-Service (CaaS) ecosystem that created 750 million fraudulent Microsoft accounts supporting phishing, identity theft, and other schemes.  The CaaS is believed to have made millions of dollars in illicit revenue by creating fraudulent accounts for other cybercrime groups to use in phishing, spam, ransomware, Distributed Denial-of-service (DDoS), and other types of attacks.

See:  https://redskyallian

Tis the season for shopping. While shopping predictions and forecasts for the holiday season vary among experts, the consensus is that organized retail crime (ORC) continues to increase.  According to the National Retail Federation’s 2022 Retail Security Survey, 35.9% of retailers reported that ORC offenders were much more violent than in 2021.  It can be alarming for staff and customers to witness acts of aggression in stores, including yelling at store staff, shoving staff or customers, making

In the US, the Federal Bureau of Investigation (FBI) has issued guidance regarding the data breach reporting requirements of the US Securities and Exchange Commission (SEC), providing useful information on how disclosures can be delayed.  The SEC announced in late July that it had adopted new cybersecurity incident disclosure rules for public companies, requiring them to disclose, through a Form 8-K filing, any material breach within four business days.  The rules are set to go into effect on 18

The statistics are sobering: 61% of CISOs (and 53% of CEOs) think that their organization is unprepared to cope with a targeted cyberattack in the next 12 months.  With mobile devices now making up a large part—even the majority—of the device estate, mobile security is more important than ever.  Those managing security must protect a growing number and diversity of endpoints.  Increasingly, those endpoints are mobile or using mobile connectivity.  Bring-your-own-device (BYOD) policies, hybrid wo

Ransomware isn’t new, yet organizations still struggle to guard against this threat.  According to the Fortinet 2023 Global Ransomware Report, in 12 months, two-thirds of organizations were targeted by ransomware, with half of those falling victim to an attack.  As attackers advance their tactics, security and IT leaders must prepare for the inevitability of a ransomware attack.  It is no longer a matter of “if” a business will be breached but “when.”  Along with business leaders, those in the C