No, the current US presidential administration has not created a game show, but it has launched a competition offering millions of dollars in prize money for creating new artificial intelligence systems that can defend critical software from hackers. Competitors vying for some of the $18.5 million in prize money will need to design novel AI systems that quickly find and fix software vulnerabilities in electric grids, subways or other key networks that could be exploited by hackers, a Biden admi
All Articles (1934)
In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. Telegram is one of the most notable platforms that has been host to many malicious actors and nefarious activities. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted many threat actors driven by criminal purposes.[1]
Many cybercriminals have moved operations into illicit telegram channels to expand their reach and ex
Voyager Space and Airbus Defense and Space are expanding their relationship via a new joint venture (JV) focused on the design, build, and operation of the Starlab commercial space station. The two companies recently announced they will partner on Voyager’s Starlab space station in January 2024, saying that Airbus would provide “technical design support and expertise.” Still, little else was disclosed at the time. Today’s news marks a considerable uptick in commitment from Airbus and a signal
Just recently, I have the opportunity to view a behind-the-scenes tour of security at Major Leage Baseball’s Fenway Park, home of the Boston Red Sox. Even though the park is the oldest in major league baseball (1912), I was amazed in the use of high tech being employed in their security program. Microsoft is now warning of the threat malicious cyber actors pose to stadium operations, warning that the cyber risk surface of live sporting events is "rapidly expanding." "Information on athletic p
Intelligence agencies in Australia, Canada, New Zealand, the UK, and the US have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022. The Five Eyes agencies say, threat actors mainly targeted internet-facing systems that were not patched against older, known vulnerabilities, including flaws for which Proof-of-Concept (PoC) exploit code exists publicly.
“Malicious cyber actors generally have the most success exploiting known vulnerabi
Cybersecurity researchers have discovered new malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. The npm registry is a public database of JavaScript packages that developers use to contribute packages to the community or download packages for their own projects. The default npm public registry is found at https://registry.npmjs.org. npm is configured to use this registry by default, but it can be configured to use any compatible regi
Multiple threat actors, including cybercrime groups and nation-state crews, leverage services offered by an obscure Iranian company called Cloudzy https://cloudzy.com. Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran, in possible violation of US sanctions under the direction of someone named Hassan Nozari. The company acts as a command-and-control provider (C2P), which provides attackers with Remote Desktop Protocol (RDP) virtual private s
Microsoft reported on 02 August 2023 that they caught a known Russian government-linked hacking group using its Microsoft Teams chat app to phish for credentials at targeted organizations. According to a research report from their Threat Intelligence team, the hacking team is linked to the Foreign Intelligence Service of the Russian Federation (also known as the SVR) and has been caught targeting government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, a
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.[1]
THREAT INTELLIGEN
The phishing-as-a-service platform 16shop was taken down on 8 August as part of a global investigation led by Interpol. Law enforcement arrested a 21-year-old Indonesian man accused of administering the platform, along with two other individuals involved in its operation: one in Indonesia and one in Japan. The police also confiscated electronic devices and several luxury items belonging to the suspects.
According to a report from cybersecurity firm Group-IB, which was involved in the takedown,
In recent news, the cloud-based IT management service JumpCloud publicly shared details gathered from the investigation into an intrusion on their network. Alongside the updated details, the organization shared a list of associated indicators of compromise (IOCs), noting attribution to an unnamed “sophisticated nation-state sponsored threat actor.” Reviewing the newly released indicators of compromise, we associate the cluster of threat activity to a North Korean state sponsored APT.[1] The IO
The White House is bringing in AI’s top seven companies to make voluntary promises (really, we can trust them) to protect users. The companies Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI have all agreed to a series of asks from the White House to address many of the risks posed by artificial intelligence.vvThe promises consist of investments in cybersecurity, discrimination research, and a new watermarking system informing users when content is AI-generated. What else wi
Five vulnerabilities, two deemed critical, have been found in the Terrestrial Trunked Radio (TETRA) standard. TETRA is the most widely used police radio communication system outside the US. It is used by fire and ambulance services, transportation agencies, utilities, military, border control, and customs agencies in more than 100 nations globally and by the UN and NATO.
The vulnerabilities were discovered by cybersecurity firm Midnight Blue (Amsterdam, Netherlands) with funding from NLnet as
Merchant vessels and ports are extraordinarily vulnerable to increasingly sophisticated cyberattacks against OT systems. It is estimated that 90% to 95% of all shipped goods at some stage travel by sea. This makes the global maritime industry the largest and most important supply chain. Successful cyberattacks against the maritime supply chain would have the potential to damage individual companies, national finances, and even the global economy.
The maritime sector includes the ports and the
Elon Musk shocked Twitter users (again) with a rebrand of the social media platform, complete with a name change and a new logo that did away with the brand's iconic blue bird. Twitter is now X, with X.com redirecting to Twitter.com. But what is "X"? Musk's vision for X has been a long time coming, and the Twitter rebrand isn't as surprising as it may seem. Just weeks before Musk acquired Twitter for $44 billion, he hinted at his vision for the social media platform, tweeting that "Buying Twitt
Maintaining today’s digital acceleration takes time, effort, and scrutiny. Adding new tools and investments increases the complexity and vulnerability of enterprise security environments, exposing gaps in communication and collaboration, creating siloed systems, and slowing response times. Securing the enterprise against today’s increasingly sophisticated threat landscape calls for a cybersecurity platform architecture automated for operational efficiency, a security architecture broad enough
A trio of influential artificial intelligence leaders testified at a congressional hearing on 25 July 2023, warning that the frantic pace of AI development could lead to serious harms within the next few years, such as rogue states or terrorists using the tech to create bioweapons.
See: https://redskyalliance.org/xindustry/ai-and-its-hazards
Yoshua Bengio, an AI professor at the University of Montreal who is known as one of the fathers of modern AI science, said the United States should push fo
Maintaining today’s digital acceleration takes time, effort, and scrutiny. Adding new tools and investments increases the complexity and vulnerability of enterprise security environments, exposing gaps in communication and collaboration, creating siloed systems, and slowing response times. Securing the enterprise against today’s increasingly sophisticated threat landscape calls for a cybersecurity platform architecture automated for operational efficiency, a security architecture broad enough
The head of Russia’s space agency has extended an offer to Moscow’s partners in the BRICS group Brazil, India, China, and South Africa to participate in constructing a joint module for its planned orbital space station, state media reported on 24 July 2023.
See: https://redskyalliance.org/xindustry/the-brics
Construction of the planned space station follows Moscow’s decision last year to end its decades-long partnership with NASA and withdraw from the aging International Space Station, one of th
People interested in physical fitness and losing a couple of pounds have one more thing to worry about besides a visit to the bathroom scale. Internet-connected Peloton fitness equipment is plagued with numerous security issues that could allow attackers to obtain device information or deploy malware.
An analysis of the software running on the Peloton Treadmill has revealed exposure to security risks associated with Android devices that are not updated to the most recent platform iterations, as