X-Industry

CHRO Daily has shared some cyber security matters that keep experts awake at night.  Their goal was finding out what was top of mind for the world’s preeminent HR heads. Luckily, many leaders were willing to share their deepest motivations and frustrations of the job.  Below are some of the more impactful answers CHRO Daily received about their most significant concerns and preoccupations in the space.[1]

These interviews have been edited and condensed for clarity.

Allison Rutledge-Parisi, senio

A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it is a significant upgrade over the Pupy RAT, an open-source remote access trojan it is modeled on.  It is written in Python. Malware of this type is used to gain remote control of a target computer. Threat actors have been observed using a legitimate a process that reports errors in Windows (and Windows applications) to distribute Pupy.  RATs are designed to allow attackers to remotely control infected comput

Located at Groom Lake in the middle of the barren desert of southern Nevada, Area 51 is a U.S Air Force installation that has become infamous for a speculated connection with unidentified flying objects (UFOs).  Conspiracy theories surrounding the base suggest that it is used for the testing of alien technology recovered from supposed crash sites, like the famous one in Roswell, New Mexico. This has been fueled by the fact that the base was a secret for many years and is still inaccessible to th

An Application Programming Interface (API) is a set of defined rules that enable different applications to communicate with each other.  It acts as an intermediary layer that processes data transfers between systems, letting companies open their application data and functionality to external third-party developers, business partners, and internal departments.[1]

The definitions and protocols within an API help businesses connect the many applications they use in day-to-day operations, saving emp

The US Securities and Exchange Commission (SEC) this past week approved new rules that require publicly traded companies to publicize details of a cyber-attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer breaches are disclosed.  "Whether a company loses a factory in a fire, or millions of files in a cybersecurity incident, it may be material to investors," the SEC chair said.  "Currently, many public companies provide c

ChatGPT is a generative AI model that applies user inputs to train itself and continuously becomes more efficient.  Because ChatGPT has accumulated many more user interactions since its launch, it should, in theory, be much smarter as time passes.  Researchers from Stanford University and UC Berkeley conducted a study to analyze the improvement in ChatGPT's large language models over time, as the specifics of the update process are not publicly available.  To experiment, the study tested both GP

MSMQ is a proprietary messaging protocol developed by Microsoft that allows applications running on separate computers to communicate in a failsafe manner. MSMQ ensures reliable delivery by placing messages that fail to reach their intended destination in a queue and then resending them once the destination is reachable.  RabbitMQ is an open-source messaging queuing protocol similar to MSMQ.

The MSMQ service is hosted as a standalone Windows service under MQSVC.EXE.  The MSMQ operation is implem

Google’s malware scanning platform VirusTotal published an recent apology after hundreds of individuals working for defense and intelligence agencies globally had their names and email addresses accidentally exposed by an employee.

In a public statement, VirusTotal said it apologized “for any concern or confusion” the exposure may have caused and said it took place on 29 June, when the employee accidentally uploaded a CSV file to the platform.[1]  “This CSV file contained limited information of

Anyone can become a phishing attack expert on underground forums for as little as US$ 50.  For about a year, a new Phishing-as-a-Service (PaaS) offering has been used to target Microsoft 365 accounts in the manufacturing, healthcare, technology, and real estate sectors, according to cyber threat researchers.  Named ‘Greatness,’ the service has been used in several phishing campaigns since mid-2022, mainly targeting organizations in the US, with other victims in the UK, Australia, Canada, and Sou

Trend Micro has always taken extremely seriously its commitment to secure the connected, digital world.  But we also know that in the fight against cybercrime, its resources are most effective when shared and combined with others working towards the same goals.  That's why Trend Micro has no issues about teaming up with other security vendors, as well as academics and law enforcement agencies.  Red Sky Alliance has always held this collaborative approach.

This "better together" approach has seen

This week, Rust-based file-encrypting ransomware was found to be impersonating the cybersecurity firm Sophos https://www.sophos.com as part of its operation.  The malware named ‘SophosEncrypt’, the malware is being offered under the Ransomware-as-a-Service (RaaS) business model and appears to have already been used in malicious attacks.  After several security researchers warned of the new RaaS, Sophos said it was aware of the brand's impersonation and was investigating the threat.

See:  https:/

In 2019, a video surfaced of then - US Speaker of the House Nancy Pelosi that appeared to show her in an impaired condition.  The video was a deepfake featuring footage modified to make the Speaker seem intoxicated or unwell.  Yet despite its inauthenticity, the video went viral and received millions of views on social media.  Today, many users remain unable to tell the difference between deepfakes and legitimate media.

What Are Deepfakes?  Deepfakes are synthetic videos, images, or audio record

Generative artificial intelligence (AI) could be used by foreign adversaries to interfere in next year’s presidential election, President Joe Biden’s nominee to lead US Cyber Command and the NSA warned this past week.  “As we look at this election cycle, the area that we do have to consider that will be slightly different will be the role of generative AI as part of this,” an Air Force Lt. General told the US Senate Armed Services Committee during his second nomination hearing.  “And so, our con

Buying a house these days is almost insurmountable.  Who can afford to pay cash for a decent house, or even the minimum downpayment?  That’s where lenders come in.  Banks and finance companies have been doing this for years.  But now there is an elephant in the room, called AI.  The top US bank regulator is warning that lenders need to ensure that artificial intelligence tools don't perpetuate biases and discrimination in credit decisions.[1]

Federal Reserve Vice Chair for Supervision Michael Ba

The Biden administration recently announced a new cyber initiative to label smart devices considered safe and less vulnerable to attacks.  As part of the new cybersecurity labeling program, a new ‘US Cyber Trust Mark’ shield logo will be applied to products that meet specific cybersecurity criteria. 

Proposed by Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel, the program aims to improve the cybersecurity of smart devices, including smart consumer products and electronics,

Chrome Woes

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution.  Google Chrome is a web browser used to access the internet.  Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.  Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts

The QR code system was invented in 1994 under a team led by Masahiro Hara from the Japanese company Denso Wave.  A QR code (quick-response code) was developed as a type of two-dimensional matrix barcode for labelling automobile parts.  Now, using a new twist to bypass detection from security solutions, cyber-attacks are now employing QR codes that your users will not recognize as anything suspicious.

Threat actors need some means of getting a user to engage with malicious content – whether an at

Cybercrime and cyber espionage activity continue to multiply against all industries and sectors, causing financial and material damage to targeted networks.  Cyber insurance has assisted in mitigating the impacts of cyber malfeasance, offsetting costs associated with recovering from cyber-attacks.  A Government Accountability Office report found that the increasing severity and frequency of cyberattacks led more organizations to seek cyber coverage, which has been increasing in price as the volu

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associate

A series of cyberattacks across Texas, including some in the Houston region, are part of a growing statewide and national trend of increasingly sophisticated groups working through computers to steal money and information, according to officials in the FBI. In 2022, for instance, the FBI received more than 21,800 complaints of a cyberattack called a business email compromise scheme, totaling around $2.7 billion in reported losses, said a spokesperson for the FBI's office in Houston. Of that tota