All Articles (1926)


Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when users search for popular tools.  The findings come from researchers, who revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations.

Introduced by Microsoft in February 2023, Bing Chat is an interactive search experience that's powered by OpenAI's large language model called GPT-4.  A month lat

Cybersecurity agencies from Japan and the US have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries.  The attacks have been tied to a malicious cyber actor dubbed BlackTech by the US National Security Agency (NSA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Japan National Police Agency

Web browser security has undergone significant changes over the past decade.  While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world.

The limitations of Browser Isolation, such as degraded browser performance and inability to tackle modern web-borne threats like phishing and malicious extensions, necessitate a shift towards more advanced solutions

In 1923, the Soviet Union created the Nagorno-Karabakh Autonomous Oblast (an oblast is an administrative region or province) within the Azerbaijan Soviet Socialist Republic.  This oblast has a 95% ethnically Armenian population.  In 1988, Nagorno-Karabakh intended to leave Azerbaijan and join the neighboring Republic of Armenia.  While the Soviet Union was able to keep the resulting tension under control, once the USSR began to collapse, armed conflict between Azerbaijan and Armenia began for co

The US Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.  "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants were deployed in various combinations."

See:  https://www.ic3.gov/Media/News/2023/230928.pdf

Not much is

The US Democratic-backed AI Accountability Act of 2023 gives the US Federal Trade Commission (FTC) new authority and a new office to regulate how AI algorithms make critical decisions on housing, healthcare.  Democrats in the House and Senate are teaming up on legislation to give the federal government new authority to regulate artificial intelligence in “high-impact” use scenarios.

See:  https://redskyalliance.org/xindustry/regulation-v-innovation

The Algorithmic Accountability Act of 2023, int

Recently identified Xenomorph Android banking trojan samples show an expanded target list that now includes North American users.  Initially detailed in February 2022 and likely linked to the infamous banking trojan Alien, Xenomorph relies on overlays to steal users’ personal and login information.  It can also intercept notifications and SMS messages to bypass two-factor authentication.

See:  https://redskyalliance.org/intel-reports/intelligence-report-weekly-data-and-threats-04-20-2023

The mal

A US government shutdown affects about 800,000 federal employees out of 1.8 million full-time civil servants.  About 380,000 are furloughed, meaning they cannot work or get paid.  The rest are working without pay.  A government shutdown can cause financial hardship for many federal employees, who may have to use their savings to survive while furloughed.

Nearly 85% of US cybersecurity agency CISA staff may be sent home at the end of the week as a government shutdown looms.  The US government wil

"The production lines are at a standstill everywhere." The problems at VW were bigger than initially thought: The IT disruption is not only global, it also affects Audi in addition to Volkswagen.  An update from 27 September:  The disruption at Volkswagen (VW) seems bigger than initially known and it does not only affect the Volkswagen production facilities.  The VW subsidiary Audi and Porsche were also affected by the IT disruption, as an Audi spokeswoman admitted.  The extent to which this is

The National Student Clearinghouse (NSC) reported that nearly 900 colleges and universities across the US had data stolen during attacks by a Russia-based ransomware gang exploiting the popular MOVEit file-sharing tool.  The nonprofit manages educational reporting, data exchange, verification, and research services for 3,600 colleges and universities as well as 22,000 high schools.

In June of this year, the organization first confirmed that it was affected by exploitation of the tool, which was

Retch is a new ransomware variant first discovered in mid-August 2023.  It encrypts files on compromised machines and leaves two ransom notes asking victims to pay a ransom for file decryption.

Infection Vector - Information about the infection vector used by the Retch ransomware threat actor is not currently available.  However, it is unlikely to be significantly different from other ransomware groups.[1]  Retch ransomware samples have been submitted to a public file scanning service from the f

Fear, ignorance and forgetfulness are some of the reasons for widespread shortcomings in reporting cyber-attacks and breaches, both internally and externally, according to a new global survey conducted by Keeper Security.

The study, Cybersecurity Disasters Survey Incident Reporting & Disclosure, was published on September 26, 2023.  It found that, despite cyber-attacks being top of mind for IT and security leaders, 40% of them said they had experienced one and 74% admitted they were concerned abo

It was 8:30 a.m. last Friday before a long weekend when Missouri's state court system learned it might have a cyber problem.  IT staff discovered the state court system's cybersecurity software had detected unusual activity coming from a system administrator's account at 2 am, well outside business hours.  Also suspicious?  That system admin was on vacation, said the director of IT services for Missouri State Courts, during the recent National Center for State Courts' (NCSC) Court Technology Con

Emerging technology in the maritime arena is being used for tracking emissions, avoiding collisions and route planning, but lawyers are circling the technology, a recent seminar reported.  The rapid expansion of artificial intelligence (AI) faces major stumbling blocks in shipping, where more than 80% of large vessels barely have enough communications capacity to send an email, a seminar heard on 19 September.

The use of problem-solving AI has the potential to cut costs in the coming decades, bu

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released this joint CSA to disseminate known ransomware IOCs and TTPs associated with the Snatch ransomware variant.

Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations.  Snatch threat actors have targeted a wide range of critical i

After years of spouting the need for ease in reporting suspicious activity, I see the US Department of Homeland Security (DHS) now floating several new ideas for how to make federal cyber incident reporting rules ‘simpler’ for victim organizations — including the concept of a single reporting web portal.  Not a new concept, but a wise one.

There are currently 52 in-effect or proposed federal cyber incident reporting requirements.  As part of the cyber incident reporting bill that was signed i

Law enforcement officials in Finland worked with Europol and a cybersecurity firm to take down a dark web marketplace called PIILOPUOTI.  The platform had operated on the Tor Network since May 2022 as a way for people to smuggle and sell drugs as well as paraphernalia into Finland, according to a statement from Finnish Customs.  “The criminal investigation is still underway.  At this point, Finnish Customs and our international cooperation partners will not provide any further information on the

FortiGuard Labs researchers recently captured a phishing campaign that spreads a new Agent Tesla variant. This well-known malware family uses a .NET-based Remote Access Trojan (RAT) and data stealer to gain initial access. It is often used for Malware-as-a-Service (MaaS).
An in-depth analysis of this campaign was performed, from the initial phishing email to the actions of Agent Tesla installed on the victim’s machine to collect sensitive information from the affected device. In this analysis, y

The media is full of stories about cyber threats, attacks, and ransomware demands, and why is this the norm?  Digital transformation creates larger data estates, opening new avenues of attack for cybercriminals.  Bad actors’ tactics are sophisticated and constantly evolving, making it difficult for companies to stay ahead of emerging threats.  Cyber threat intelligence gives businesses the information and capabilities they need to refine their defenses continually.

Targeted cyber threat intelli

The Iranian threat actor Charming Kitten has been linked to a new wave of attacks targeting different entities in Brazil, Israel, and the UAE using a previously undocumented backdoor named Sponsor.  Cybersecurity investigators are tracking the cluster under the name Ballistic Bobcat.  Victimology patterns suggest that the group primarily singles out education, government, healthcare organizations, human rights activists, and journalists.  At least 34 victims of Sponsor have been detected to date