
In the last few years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the Internet's most severe security crisis.  Now, the US Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a new security warning.

Ransomware is a type of malicious software, or malware that prevents you from accessing your computer files, systems, or networks and d

According to trusted government sources, there is an increasing focus on US Cyber Command (CYBERCOM) to replicate the ability of the US Special Operations Command (SOCOM), the unified combatant command with the mission of overseeing the elements of the special operations in the US Armed Services, to bring capabilities directly into the battlespace.  At a recent meeting, the chief of CYBERCOM is quoted as saying that the command is “trying to build our authorities much in the same way Speci

A top US intelligence official on 12 January 2023 urged Congress to renew sweeping powers granted to American spy agencies to surveil and examine communications, saying they were critical to stopping terrorism, cyberattacks and other threats.  The remarks by an Army General, director of the National Security Agency, opened what’s expected to be a contentious debate over provisions of the Foreign Intelligence Surveillance Act that expire at year’s end.  The bipartisan consensus in favor of expan

The Russian invasion of Ukraine in early 2022 appears to have led to a double-digit decrease in stolen payment card records published to the dark web, according to researchers.

In a recent report, investigators analyzed detailed threat intelligence gleaned from the cybercrime underground.  It reported a 24% year-on-year decrease in the volume of card-not-present records on dark web carding shops in 2022, to 45.6 million, and a 62% slump in card-present records, to 13.8 million.

The US Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec.  The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9) and command injection (CVE-2022-2068, CVSS score: 9.8).  Also patched by Siemens is an authentication byp

The Japanese auto company Nissan has sent out breach notification letters to thousands of customers to inform them of a leak of personally identifiable information (PII) through a third-party vendor.  The car company said it was notified on 21 June 2022 that names, dates of birth, and account numbers for Nissan Motor Acceptance Corporation, an indirect lender that helps people finance or lease Nissan vehicles, were exposed after it provided the customer information to an unnamed third party “for software testi

US President Biden signed the Quantum Computing Cybersecurity Preparedness Act into law on 21 December 2022.  The law is designed to secure the federal government systems and data against the threat of quantum-enabled data breaches ahead of ‘Q Day,’ the point at which quantum computers can break existing cryptographic algorithms.  Experts believe quantum computing will advance to this stage in the next five to 10 years, potentially leaving all digital information vulnerable to cyber-threat actor

Yesterday, the US Transportation Secretary said on a national news media outlet that the federal government is not prepared to rule out the possibility that a cyber-attack was behind the recent shutdown of the FAA's air traffic safety alert computer system on Wednesday morning.

A week ago, the US Federal Aviation Administration (FAA) discovered a “bug” in the NOTAM (Notice to Air Missions) warning system on the night of 10 January and attempted a full reboot to fix the problem.  The reboot did not work.  The

The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI (Python Package Index) packages called ‘colorslib’, ‘httpslib’, and ‘libhttps’.  These were found on 10 January 2023, by monitoring an open-source ecosystem.  The Python packages ‘colorslib’ and ‘httpslib’ were published on 7 January 2023, and ‘libhttps’ was published on 12 January 2023.  All three were published by the same author, ‘Lolip0p’, as shown in the official PyPI repository.  ‘Lolip0p’ joined the reposito

Multiple government agencies and military bodies in the APAC region have been targeted by what appears to be a new advanced threat actor that uses custom malware.  Researchers refer to this group as Dark Pink (Group-IB) or Saaiwc Group (Anheng Hunting Labs), noting that it employs uncommon tactics, techniques, and procedures (TTPs).[1]  The actor used DLL side-loading and event-triggered execution methods to run the payloads on compromised systems using the custom toolkit observed in the attacks.

Each month, Red Sky Alliance queries its backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associa
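The subject-line lure described above is easy to hunt for in a mail gateway log or a mailbox export.  The following is an added example written for this page, not Red Sky Alliance's own tooling: it scans subject lines for a standalone “MV”, “MT”, “M/V” or “M/T” token followed by a vessel name, normalises the name, and tallies how often each vessel is impersonated.  The subject lines are constructed samples, not captured mail; the “M/V” and “M/T” spellings, the upper-case-only match, and the four-word cap on vessel names are assumptions made here to keep false positives such as “AMT”, “(MT)” or “MVP” out of the results.

```python
"""Hunt for Motor Vessel (MV) / Motor Tanker (MT) phishing lures by subject line.

Added example for this page; not Red Sky Alliance's production query.
"""
import re
from collections import Counter
from typing import Iterable, NamedTuple, Optional

# Constructed sample subject lines (not captured mail): four lures, one of which
# repeats a vessel, plus three benign subjects that contain the letters MT/MV
# without being a lure.
SAMPLE_SUBJECTS = [
    "MV OCEAN STAR - Vessel Particulars and Crew List",
    "RE: MT GOLDEN HORIZON // Port Agency Appointment",
    "Quotation for spare parts M/V ATLANTIC DAWN",
    "Fwd: MV OCEAN STAR voyage 12 ETA Rotterdam",
    "Invoice 4471 - AMT Services",      # "MT" inside another word
    "Montana (MT) tax notice",          # "MT" not followed by a name
    "Weekly MVP report",                # "MV" glued to another letter
]

# Assumption: lures use the upper-case prefix, optionally written M/V or M/T,
# followed by at least one separator and a vessel name of 1-4 capitalised
# words.  \b keeps "AMT" and "REMT" from matching; the separator requirement
# keeps "MVP" and "(MT)" from matching.
LURE_RE = re.compile(
    r"\bM/?(?P<kind>[VT])"                                               # MV, MT, M/V, M/T
    r"[\s:-]+"                                                           # separator(s)
    r"(?P<name>[A-Z][A-Za-z0-9'-]*(?:\s+[A-Z][A-Za-z0-9'-]*){0,3})"       # vessel name
)


class Sighting(NamedTuple):
    kind: str      # "MV" (motor vessel) or "MT" (motor tanker)
    vessel: str    # vessel name, whitespace-collapsed and upper-cased
    subject: str   # the original subject line


def find_lure(subject: str) -> Optional[Sighting]:
    """Return the vessel impersonated in this subject line, or None."""
    m = LURE_RE.search(subject)
    if not m:
        return None
    vessel = " ".join(m.group("name").split()).upper()
    return Sighting("M" + m.group("kind"), vessel, subject)


def impersonated_vessels(subjects: Iterable[str]) -> Counter:
    """Count sightings per (kind, vessel) across many subject lines."""
    counts: Counter = Counter()
    for subject in subjects:
        hit = find_lure(subject)
        if hit is not None:
            counts[(hit.kind, hit.vessel)] += 1
    return counts


if __name__ == "__main__":
    for (kind, vessel), n in impersonated_vessels(SAMPLE_SUBJECTS).most_common():
        print(f"{kind} {vessel}: {n} lure(s)")
```

The output lists each impersonated vessel with its sighting count, which is the shape of the monthly list the text refers to.  Lower-case or title-case prefixes (“mv”, “Mv”) are deliberately not matched here; widen the prefix if your own mail corpus shows those variants.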

Cybercriminals are still exploiting an old vulnerability in Intel drivers to gain access to networks in a way that allows them to bypass cyber security protections.  Cyber security researchers have detailed the attacks and suggest the campaign targeting Windows systems is the work of a cyber-criminal group they track as Scattered Spider, also known as Roasted 0ktapus and UNC3944.  Scattered Spider is a financially motivated cybercrime operation, which researchers say takes particular interest in

Third-party administrator of insurance products Bay Bridge Administrators (BBA) https://www.bbadmin.com is informing roughly 250,000 individuals that their personal information might have been compromised in a September 2022 data breach.  Bay Bridge Administrators is a full-service, nationally recognized, third-party administrator of fully-insured employee benefit plans.  Representing top-rated insurance companies, Bay Bridge fills a niche market in the insurance industry by entering into agre

A financially motivated threat actor group tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador.  Cyber threat investigators offer new insights into the Spanish-speaking group's tactics and techniques, including the use of sophisticated tools and government-themed lures to activate the kill chain.

Also tracked under the name APT-C-36, Blind Eagle is notable for its narrow geo

After being in the law enforcement and security profession for over 30 years, I trust very few people.  Maybe it’s just me, but I can be really rude on calls from people I don’t know calling my cell phone.  I don’t subscribe to being like me, but the barrage of suspicious calls, text messages and emails I currently receive seems to have drastically escalated.  All this harassment is social engineering tactics.  A recent article in Forbes highlights the need to play as a team.

Social engineering attac

With the terrible flight issues with Southwest Airlines during the recent holidays in the rearview mirror, there has now been another airline shutdown, which the US Federal Aviation Administration (FAA) is calling an “outage.”  An overnight computer outage late on 10 January 2023 at the FAA led to widespread flight delays and disruptions, which are now cascading into hundreds of flight delays.  This is just like a few weeks ago.[1]

The FAA said the “outage” was in the Notice to Air Missions system,

At the end of November 2022, OpenAI released ChatGPT, the new interface for its Large Language Model (LLM), which instantly created a flurry of interest in AI and its possible uses.  However, ChatGPT has also added some spice to the modern cyber threat landscape as it quickly became apparent that code generation can help less-skilled threat actors effortlessly launch cyber-attacks.

Check Point Research (CPR) previously reported and described how ChatGPT successfully conducted a full infection

We are only 10 days into 2023 and already ransomware attacks continue to escalate.  San Francisco’s Bay Area Rapid Transit (BART) is investigating an alleged ransomware attack after the Vice Society ransomware gang claimed to have attacked the agency.  BART, which is the fifth-busiest heavy rail rapid transit system in the US, was listed on the group’s leak site on Friday.  The chief communications officer for BART reported that they are investigating the data that was stolen and posted by the

In the past several years, Red Sky Alliance has tracked vessel spoofing seen all along the transportation supply chain.  Now we are hearing that DNV Maritime has reported a cyber-attack on its ShipManager software that forced the company to take its servers offline.  The incident was detected on 7 January 2023, and DNV said its experts are working with IT security partners to put in place a technical recovery plan and ensure operations are online as soon as possible.[1]

Meanwhile, users can

FortiGuard has shared a great technical report on Monti, BlackHunt and Putin ransomware.

Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows users
Impact: Encrypts files and demands ransom for file decryption
Severity level: High

Monti Ransomware: Monti is a relatively new ransomware designed to encrypt files on Linux systems.  Files encrypted by Monti ransomware have a “.puuuk” file extension.  We are also aware of reports of potential Monti vari