All Articles (1953)

A new "All-in-One" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed to other threat actors to steal data and files from Windows systems.  It includes several modules that all work via an FTP service.  The new stealer also contains environment checking and Anti-VM functions. Its primary purpose seems to be to steal browser data and information from compromised endpoints and then upload it to the attacker's FTP server.

The researchers said they observed a surge

The nasty Iranian nation-state APT group known as Charming Kitten is actively targeting multiple victims in the US, Europe, the Middle East, and India with a new malware named BellaCiao, adding to its ever-expanding list of custom tools.  Discovered by Bitdefender Labs, BellaCiao is a "Personalized dropper" that is capable of delivering other malware payloads onto a victim machine based on commands received from an actor-controlled server.  The attackers appear to customize their attacks for eac

Hacking has gone through several eras over the years, each with its own unique characteristics and motivations. Understanding the history of computer hacking is important for understanding its impact on technology and society, the current state of cybersecurity, and for developing effective strategies for protecting against cyber threats.  Debbie Hooper of Security Boulevard explores the history of computer hacking and cybersecurity threats from the 1950s to present day.[1] In our next post, we

Americans do not have a lot of faith in cryptocurrency.  Around 75% of those familiar with crypto say they are not confident that the current ways to invest in, trade or use cryptocurrency are reliable and safe, according to Pew Research Center’s April 2023 survey of 10,071 people ages 18 and older living in the US.  The survey found that about 18% say they are somewhat confident, but just 6% feel extremely or very confident.  Confidence varies by age as well. The survey found that about 66% of

Online scams can be extremely damaging to an individual's finances and steal sensitive information that can be a nightmare to fix.  In general, phishing scams will appear as innocent requests from online hackers, but if you follow their requests or hand over your Social Security information, then you should immediately contact your bank to ensure they do not open new accounts.  These scammers tend to target senior citizens and can be difficult to avoid daily while using the Internet.

How to prot

Companies in Finland are increasingly the target of cyber-attacks, Finnish authorities said last week.  Firms are reporting an uptick in cyber-attacks, the Finnish Transport and Communications Agency (Traficom[1]) and the Finnish Security and Intelligence Service (SUPO[2]) said in a joint press conference.  But despite the greater frequency of corporate cyber-attacks, the agencies said an event that could paralyze systems in Finland was highly unlikely.

The SUPO chief reported that Russia is inc

EvilExtractor (sometimes spelled Evil Extractor) is an attack tool designed to target Windows operating systems and extract data and files from endpoint devices. It includes several modules that all work via an FTP service.  It was developed by Kodex, which claims it is an educational tool. However, research conducted by FortiGuard Labs shows cybercriminals are actively using it as an info stealer.

Based on our traffic source data to the host, evilextractor[.]com, malicious activity increased si

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to nefarious use by the now-defunct Conti ransomware gang members, indicating collaboration between the two crews.  The malware, named Domino, is primarily designed to facilitate follow-on exploitation of compromised systems, including delivering a lesser-known information stealer that has been advertised for sale on the dark web since December 2021.

Former TrickBot/Conti syndicate me

Cryptography refers to the practice of creating and using codes and ciphers to secure communication and information [2]. The encryption algorithm is a cryptographic algorithm that takes as input a plaintext and an encryption key, and outputs a ciphertext. The decryption algorithm is a cryptographic algorithm that takes as input a ciphertext and a decryption key, and outputs a plaintext [1].

The encryption key is a value known to the sender while the decryption key is a value known to the receive

It is a worrying fact that, while digital technology is transforming both our personal lives and our interactions with companies and government, it is also making us increasingly susceptible to fraud and other crimes.  According to the US Cybersecurity and Infrastructure Security Defense Agency, 47% of American adults have had their information exposed online by cyber criminals.  There is no reason to suspect that the picture is much different elsewhere.  Even those organizations that might be

Musk’s TruthGPT - Elon Musk, owner of X Corp (formerly named Twitter), is warning about the dangers of artificial intelligence to humanity and claiming that a popular chatbot has a liberal bias that he plans to counter with his own AI creation.  Musk stated in a recent interview that he plans to create an alternative to the popular AI chatbot ChatGPT that he is calling “TruthGPT,” which will be a “maximum truth-seeking AI that tries to understand the nature of the universe.”

Remember in May 2022, whe

US payments company NCR Corporation (https://www.ncr.com) confirmed on 15 April 2023 that a data center outage resulted from a ransomware attack.  A well-known ransomware group has taken credit for the attack. NCR first reported investigating an “issue” related to its Aloha restaurant Point-of-Sale (PoS) product on 12 April 2023.  The company said a limited number of ancillary Aloha applications for a subset of its hospitality customers had been impacted by an outage at a single data center.  “O

Researchers have recently revealed that a hacking device can allow thieves to steal a wide range of car models using an attack method named Controller Area Network (CAN) injection.  Automotive cybersecurity experts at the EDAG Group and Canis Automotive Labs started analyzing these attacks after one of the researchers had his 2021 Toyota RAV4 stolen last year.  The car was actually stolen on two occasions.  He found that someone had pulled apart his headlight and unplugged the cables.  What init

A veteran cybercriminal has revealed what is really on the dark web - where hackers, hitmen and drug dealers run wild.

The source, who has spoken anonymously, explained how hackers use ransomware to steal data for large payouts or 'to just see the world burn' and explained that any system connected to the web is at risk of an attack.[1]

'I've watched hospitals get encrypted and people are left with a choice: do I pay to decrypt the data or do I risk lives?' the man said while donning a mask to c

The Iranian nation-state group known as MuddyWater has been observed directing destructive attacks on hybrid environments under the guise of a ransomware operation.  The name is not to be confused with McKinley Morganfield (April 4, 1913 – April 30, 1983), known professionally as Muddy Waters, an American blues singer and musician.  Iran could be singing the blues if they keep this up.

According to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor ta

April 18th was Tax Day in the US.  Did you file your taxes?  If not, you can always get an extension.  Either way, taxpayers in the US need to heed the warning from Microsoft security investigators.  Microsoft is warning of a new Remcos Remote Access Trojan (RAT) campaign targeting accounting and tax return preparation firms in the US.  Tax season in the US has long represented an opportunity for cybercriminals to target unsuspecting victims in various types of malicious attacks, including malw

Red Sky Alliance queries our backend databases monthly, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Millions of consumers are now being urged to check their devices quickly after security experts found a new threat targeting Android phones.  The team at McAfee Mobile Security discovered the most recent attack, which can infect well-known applications with a malicious software library and start carrying out tasks without the smartphone owners' authorization.[1]

Cyber criminals can use a contaminated app to view Wi-Fi history, Bluetooth devices connected to a phone, apps used, and even nearby GP

The Polish government warns that a cyberespionage group linked to Russia's intelligence services targets diplomatic and foreign ministries from NATO and EU member states in an ongoing campaign that uses previously undocumented malware payloads.  The group, known in the security industry as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia's Foreign Intelligence Service (SVR) and is the group behind the 2020 supply chain attack against software company SolarWinds that led to the co

No charging station is safe, as the FBI is warning travelers looking to charge their devices in airports, hotels, and coffee shops that "Juice Jacking" is a thing as bad actors are using public chargers and even free cables and charging plugs to infect phones and other devices with malware.[1]

According to an FBI "Scams and Safety" brief, which also discusses system and data protection and protecting money information:

  • Be careful when connecting to a public Wi-Fi network, and do not conduct sen