EU Health Sector: Ransomware Accounts for 54% of Cybersecurity Threats
The European Union Agency for Cybersecurity (ENISA) released a report on 5 July with its first cyber threat landscape for the health sector. The report found that ransomware accounts for 54% of cybersecurity threats in the health sector.
The comprehensive analysis maps and studies cyberattacks, identifying prime threats, actors, impacts, and trends for a period of over 2 years, providing valuable insights for the healthcare
A new bill proposes to increase cybersecurity funding for rural water systems by $7.5 million dollars per year. It is not a lot of money for part of the critical infrastructure and is an insult to all taxpayers living in rural areas. The EPA budget for 2023 is nearly $12 billion. The bill was announced on 05 June 2023. “Congressman Don Davis (NC-01), along with Representatives Zachary Nunn (IA-03), Angie Craig (MN-02), and Abigail Spanberger (VA-07), members of the US House Committee on Agri
A new process injection technique named Mockingjay, not to be confused with the 2010 science fiction novel by Suzanne Collins which is part of The Hunger Games series, could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. Unlike traditional methods, Mockingjay leverages legitimate DLLs with RWX (read, write, execute) sections to evade EDR hooks and inject code into remote processes.[1]
Process injection involves executing arbitrary co
Poor Canada is currently in the cross-hairs of hackers who are causing havoc with the Canadian driving public. Motorists who have pulled up to one of Canada’s Petro-Canada gas stations in the last few days have been greeted by “cash only” signs, as a cyber-attack on parent company Suncor Energy has disrupted the company’s payment and loyalty reward systems.
Red Sky Alliance recently highlighted this attack back when it began: https://redskyalliance.org/intel-reports/intelligence-report-weekly-d
For the first time, IBM https://www.ibm.com has used a quantum computer to solve a problem that eludes the leading classical methods. This accomplishment marks a significant milestone toward useful quantum computing systems and software.
IBM has published a paper in Nature, https://www.nature.com/articles/s42254-021-00410-6, that describes a breakthrough in Quantum computing wherein they solved a complex problem that leading supercomputing approximation methods could not handle. This achiev
After years of coercive laws and acts that were enforced against the American colonists of England, the British sent military troops to better enforce their laws. On 18 and 19 April 1775, the British General Thomas Gage led a force of British soldiers from Boston to Lexington, where he planned to capture colonial radical leaders Sam Adams and John Hancock, and then head to Concord and seize their gunpowder. But American spies got wind of the plan, and with the help of riders such as Paul Rever
Submarine cables, the backbone network of the global economy and telecommunications, are operating in an increasingly risky environment and are prone to geopolitical, physical, and cyber threats, including nation-state sabotage and spying. Fiber-optic submarine cables on the ocean floor transmit an estimated 99% of all intercontinental internet traffic and communications, including roughly $10 trillion of financial transactions daily and sensitive government and military communication, making t
Japan has confirmed balloons have flown over its territory and said it's prepared to shoot them down in future. China has not directly addressed the evidence presented by the BBC. US - China relations were thrown into turmoil earlier this year when an alleged Chinese spy balloon was shot down off the US coast.
See: https://redskyalliance.org/xindustry/the-chinese-balloon-not-a-good-sign
China claimed the balloon seen over north-western US in late January was a civilian airship, used for scien
Exploit and vulnerability intelligence provider VulnCheck https://vulncheck.com has issued a warning over fake security researcher accounts distributing malware disguised as zero-day exploits for popular software. The campaign was discovered in early May 2023, when researchers found a GitHub repository hosting code that its author claimed to be a zero-day for the Signal messaging application. The cybersecurity firm continued finding such accounts on GitHub, offering what they claimed to be z
A common tactic for cybercriminals is to distribute storage drives, phones, or other internet-connected devices filled with hidden malware to hack victims and steal their information. Although smartwatches have not been known for major security breaches so far, they carry many of the same vulnerabilities as other IoT products and warrant a similar degree of caution. A recent InfraGard brief by DHS cautioned the use of Smartphones and being vulnerable to malware.
The US Army’s Criminal Investiga
In today's digital world, automation is becoming increasingly widespread, giving rise to the prominence of bots. Bots are highly versatile software programs designed to automate tasks and streamline processes. While they offer convenience and efficiency, we must recognize the potential for misuse.
Over the past few years, bots have emerged as a new cybersecurity threat, as they can be manipulated for malicious purposes. This article will explore the realm of malicious bots, uncover their cyberse
The Office of the Australian Information Commissioner (OAIC) says some of its files were stolen in a ransomware attack on law firm HWL Ebsworth https://hwlebsworth.com.au.
One of the largest law firms in Australia, HWL Ebsworth, says in an incident notice on its website that it became aware of the incident on 28 April 2023, after the ALPHV_BlackCat ransomware gang boasted about the hack, and that it immediately informed the Australian authorities and started investigating the incident.[1]
See:
The Healthcare and Public Health (HPH) sector issued a warning on 22 June regarding SEO Poisoning. Search engine optimization (SEO) poisoning, considered a type of malvertising (malicious advertising), is a technique used by threat actors to increase the prominence of their malicious websites, making them look more authentic to consumers. SEO poisoning tricks the human mind, which naturally assumes the top hits are the most credible and is very effective when people fail to look closely at the
During their test, researchers from JUMPSEC managed to trick Microsoft Teams’ security mechanism into sending malware to the organization’s inbox by making it think that an external user was internal.
JUMPSEC’s Red Team members have discovered a security vulnerability in the External Tenants feature of Microsoft Teams that allows malware to be directly delivered to an organization’s employees. Attackers can inject malware into any system that uses Microsoft Teams’ default configurations and lev
Cybercriminals use various tactics to determine your passwords, and many people make an effort easier by using weak and simple ones. A new study from the payment firm Dojo on the most hacked passwords may help you stay safer online by knowing which mistakes to avoid. From the RockYou2021 collection of breached password lists, Dojo was able to examine more than 6 million such passwords. As a result, the firm uncovered the most commonly-used passwords, their average length, and the most popular
As anyone who regularly games online can attest, DDoS (dedicated denial of service) attacks are an irritatingly common occurrence on the internet. Drawing on the combined digital might of a geographically diffuse legion of zombified PCs, hackers can swamp game servers and prevent players from logging on for hours or days at a time. The problem has metastasized in recent years as enterprising hackers have begun to package their botnets and spamming tools into commercial offerings, allowing any
Sentinel Labs reports that in a previous post in this series, we looked at powering up radare2 with aliases and macros to make our work more productive. Still, sometimes we need the ability to automate more complex tasks, extend our analyses by bringing in other tools, or process files in batches. Most reverse engineering platforms have some scripting engine to help achieve this kind of heavy lifting, and radare2 does, too. In this article, researchers learn how to drive radare2 with r2pipe an
Remember the old phrase, “We are from the government and we are here to help?” A bipartisan group of lawmakers introduced legislation on 20 June 2023 that would create a blue-ribbon commission on artificial intelligence to develop a comprehensive framework for the regulation of the emerging technology. This raises the question, “What about the other countries, friends or foes and their intentions of using AI?”
See: https://redskyalliance.org/xindustry/regulation-v-innovation
Having two legis
The US Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments. Still, the impact was not expected to be great, Homeland Security officials said on 15 June 2023. But for others, among what could be hundreds of victims from industry to higher education, including patrons of at least two state motor vehicle agencies, the hack was beginning to show some serious impa
Computer professionals may be impressed with artificially intelligent Large Language Models (LLMs) like ChatGPT that can write code, create an app, and pass the bar exam. A large language model (LLM) is a type of artificial intelligence (AI) algorithm that uses deep learning techniques and massively large data sets to understand, summarize, generate and predict new content. LLMs are capable of processing and generating text, and can be used for a wide range of applications, including language
