All Articles (1955)


The Canadian military has discovered Chinese spy buoys in the Arctic which allegedly are monitoring US submarines and melting ice sheets.  Such "activity is not new,” Canada's defense minister said in recent televised remarks, implying that China has been engaging in surveillance efforts in the region for some time.[1]  Russia has long sought an Arctic trade route to create shorter vessel travel to Europe.  It seems the Chinese may have the same idea, and, oh yes, spy on their adversaries.

Officials descr

A 28-year-old Russian malware developer was extradited to the US, where he could face up to 47 years in federal prison for allegedly creating and selling a malicious password-cracking tool.  Dariy Pankov, also known as “dpxaker,” developed what the US Department of Justice (DOJ) called a “powerful” password-cracking program that he marketed and sold to other cyber criminals for a small bitcoin fee.  This case was reported by Recorded Future.

The tool, called NLBrute, is a so-called brute-forcing tool

The Russia-linked ransomware group Clop reportedly took responsibility for a mass attack on more than 130 organizations, including those in the healthcare industry, using a zero-day vulnerability in the secure file transfer software GoAnywhere MFT.[1]  The Cybersecurity & Infrastructure Security Agency (CISA) added the GoAnywhere flaw (CVE-2023-0669) to its public catalog of Known Exploited Vulnerabilities.  This Sector

Alert follows previous HC3 Analyst Notes on Clop (CLOP Poses Ongoing Risk to HPH Organiz


  • A new threat cluster we track as WIP26 has been targeting telecommunication providers in the Middle East.
  • Sentinel assesses it is likely that WIP26 is espionage-related.
  • WIP26 relies heavily on public Cloud infrastructure to evade detection by making malicious traffic look legitimate.
  • WIP26 involves the use of backdoors, titled CMD365 and CMDEmber, which abuse Microsoft 365 Mail and Google Firebase services for C2 purposes.
  • WIP26 also involves the use of Microsoft Azure and Dropbox instances as


Every month, Red Sky Alliance queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associa


A few years ago, Red Sky Alliance announced a new service named “Rocket Jot.”  The service allowed a user to enter some/any topic terms, and in less than a minute, a complete written report was delivered in Word format to the user.  The report often sounded a little like “robot speech” but was still complete and could be the basis for a “better” report with some grammar checking and additional sentences.  It also delivered a complete list of sources used for the report.  We offered the service

In 2015, ISIS conducted a series of coordinated attacks around Paris that killed 130 people and wounded nearly 500 more.  Two years later, 39 people were killed in an ISIS attack on an Istanbul nightclub during the early hours of New Year’s Day.  This week, the US Supreme Court will hear oral arguments in a pair of cases arising from those attacks.  The justices’ decisions in Gonzalez v. Google and Twitter v. Taamneh could reshape legal liability for some of the nation’s largest technology compan

Vulnerability management comprises the entirety of workflows geared toward maintaining an up-to-date inventory of a company's digital assets, checking them for imperfections, and addressing the detected security loopholes.  It revolves around the principle of continuously monitoring and hardening the security condition of a corporate IT infrastructure to ensure proactive defenses against different forms of exploitation.

There is a difference between the use of garden-variety vulnerability scanne

US banks are backing away from crypto companies, concerned by a regulatory crackdown that threatens to sever digital currencies from the real-world financial system.  Banking regulators are raising concerns about banks’ involvement with crypto clients following last year’s blowup of Sam Bankman-Fried’s FTX.  The Securities and Exchange Commission is aggressively pursuing the industry’s bigger players in a crackdown that threatens to narrow their reach.  That move has alarmed bankers who don’t wan

A new financially motivated campaign that began in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas.  Investigators said they "observed the actor scanning the internet for victim machines with an exposed remote desktop protocol (RDP) port 3389."  The attacks primarily focus on individuals, small businesses, and large organizations located in the US, and to a lesser extent in the UK, Turkey,

There seems to be a current trend of attacking the airline industry.  In Germany, seven airports were hit by a suspected cyber-attack on 16 February.  Düsseldorf, Nuremberg, and Dortmund airports were among those impacted, but the websites for Germany’s three busiest airports (Frankfurt, Munich, and Berlin) were all functioning normally.  These airports were victims of large-scale DDoS attacks.  Other airport systems were not affected.  From Reuters, the chief executive also added that

Cyber threat researchers have identified a set of 38 security vulnerabilities in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments.  Threat actors can exploit vulnerabilities in wireless IIoT devices to gain initial access to internal OT networks.  They can use these vulnerabilities to bypass security layers and infiltrate target networks,

Oakland, California officials declared a state of emergency on 14 February after a cyberattack that first hit city technology systems last week, which continues to make it impossible to pay parking fees, fines and taxes online or to connect by phone with most city departments.  Calls to 911 and city emergency services are stil

Cybersecurity researchers have found a new piece of evasive malware named “Beep” (just one Beep) designed to operate undetected and deliver additional payloads onto a compromised host.  The authors of this malware were trying to implement as many anti-debugging and anti-VM (anti-sandbox) techniques as they could find, reported investigators.  One such technique involved delaying execution through the Beep API function, hence the malware's name.[1]

All PCs previously shared an 8254 programmable i

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution.  Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Users whose accounts are configured to have few

The cyber threat landscape is very fluid, with cybercriminals constantly adjusting tactics to stay ahead of organizations.  Commoditization is also making cybercrime easier through the use of toolkits.

Cybercrime has never been more accessible for opportunistic criminals.  The proliferation of cybercrime marketplaces has seen collaboration increase, but also means hacking tools are more available than ever.  In fact, 76 percent of malware kits are on sale for less than £10. These marketplaces h

Four out of five (79%) businesses make most cyber security decisions without insights into the threat actor targeting their infrastructures.  The claims come from Google-owned threat analytics company Mandiant, which has also said that while 67% of cybersecurity decision makers believe senior leadership teams still underestimate cyber-threats, 68% agree their organization needs to improve its understanding of the threat landscape.[1]

The data in Mandiant's Global Perspectives on Threat Intellige


Qakbot was first observed in 2008.  While it was originally a banking trojan, it has evolved over time to include gaining access, dropping additional malware, and performing other data-stealing, ransomware, and malicious activities across a network.

QakNote is the name of the new QakBot campaign.  It was first reported on Twitter by Cynet researcher Max Malyutin, who explained that threat actors were experimenting with a new distribution method to replace the former use of ma

Back in the 1960’s there was a popular American TV-derived band called the Monkees.  Then in Australia, there was first ‘The Three Drunk Monkey’s’; now it’s just called The Monkey’s.  The Monkey’s is a creative solutions company that creates advertising, entertainment and technology products.  Monkey clients include The University of Sydney, Telstra, IKEA, UBank and Parmalat.  The Monkey’s are now working closely with Telstra in a new device cyber security campaign.[1]

When it comes to the cyber

With the average cost of a car being close to the price of a small house, auto financing is almost always required for most buyers.  Digital retailing is here to stay in the automotive industry, and it is growing exponentially.  While many think the auto industry is most worried about getting inventory levels back to normal, its primary concern is fraud in digital retailing and the subsequent threat of profit erosion.  According to industry estimates, approximately one out of every five car buyers