
Akamai recently published a report detailing criminal activity targeting the retail, travel, and hospitality market segments with attacks of all types and sizes between July 2018 and June 2020.  The report also includes numerous examples of criminal ads from the Dark web illustrating how they cash in on the results from successful attacks and the corresponding data theft.

So, what is credential stuffing?  Please visit and read our full report at:

The 2020 election season appears to have no end in sight.  For states not under vote-counting scrutiny, there have been many ballot measures around the country that have drawn people's attention.  One of these measures is Proposition 24 in California, known as the California Privacy Rights Act of 2020 (CPRA). The measure passed with a majority of people voting to strengthen consumer privacy rights.

The new measure will update existing conditions from the 2018 California Consumer Privacy Act (CCP

The number of attacks related to Emotet continues to spike after the dangerous botnet re-emerged over the summer with a fresh phishing and spam campaign that is primarily infecting devices with a banking Trojan, according to new research from HP-Bromium, an endpoint security company.

Emotet is a malware strain and a cybercrime operation. The malware, also known as Geodo and Mealybug, was first detected in 2014 and remains active, deemed one of the most prevalent threats of 2019. First versions o

It should come as no surprise that ransomware groups that steal a company's data and then get paid a fee to delete it don't always follow through on their promise.

The number of cases where this has happened has increased, according to a report[1] published by Coveware this week and according to several incidents shared by security researchers with ZDNet researchers over the past few months. These incidents take place only for a certain category of ransomware attacks — namely those carried out by

Activity Summary - Week Ending 6 November 2020:

  • Red Sky Alliance observed 60 unique email accounts compromised with Keyloggers
  • A University of Albert professor may be Keylogged
  • Analysts identified 44,623 connections from new unique IP addresses
  • Collection identified 3,097 new IP addresses participating in various Botnets
  • Ryuk Evolving Its Encryption and Evasion TTPs
  • GravityRAT
  • Eastern European cybercriminal group Attacking Health Care Services
  • FBI warns of an "imminent" increase in Ransomware a

Account takeover seeks to infiltrate an existing account and use it for the criminal’s benefit.  Cyber threat actors will target any firm from any market segment, so there is no pattern to follow.  Once the criminal accesses the account, they may make unauthorized purchases and cash advances; they may also change account information so that the real owner does not receive notifications from the account.

According to a recent report, account takeover has tripled over a year-to-year comparison,

The Maze cybercrime gang, which revolutionized the ransomware business by adding an extortion element to each attack, has issued a statement saying it has hung up its spikes and will retire, at least temporarily.  Can you believe anything a ransomware group says?  Maze posted a "retirement" notice to its darknet site on Nov. 1 saying: "This project is now closed." The word "project" appears to be a reference to the ransomware gang stating in the note that its attacks were intended to teach its v

The Covid-19 pandemic has led to dangerous gray areas for employers, such as new BYOD policies, thanks to the rapid and required shift to remote working.  The work to home (WTH) phenomenon has caused numerous cyber challenges.  This creates an ‘insider threat’ scenario.  Yes, trusted employees working at home could become an insider threat, though most likely an unwitting threat.[1]  Many company cyber security professionals are starting to seriously examine the changing nature of traditional ins

Red Sky Alliance performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this weekly list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonat

They say, “Common Sense is Instinct; Enough of it - Genius.”  Let us prove a path toward cyber brilliance.  Cybersecurity hygiene has never been as important as it is today.  At home workers are now doing business remotely, putting in more hours and dealing with new situations they have never experienced.  For many, this change is both stressful and distracting.  These changes have upended the traditional workday and, in many cases, our concentration, which introduces risk.  Even the most securi

US authorities are sharing a quick reference on Ransomware.  "Ransomware is a type of malicious software cyber actors use to deny access to systems or data.  The malicious cyber actor holds systems or data hostage until the ransom is paid.  After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems.  If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted. L

Link to full report: Ransomware_Exec

Activity Summary - Week Ending 30 October 2020:

  • Red Sky Alliance identified 42,687 connections from new unique IP addresses
  • 79 unique email accounts compromised with Keyloggers
  • Analysts identified 3,334 new IP addresses participating in various Botnets
  • Vulnerabilities in Multiple Adobe Products
  • Eval-stdin.PHP.Remote.Code.Execution
  • Spoofing US Census Bureau
  • Hungarian Financial Institutions hit with DDoS attack
  • Bots and Covid Loan Applications
  • Robinhood Markets Inc.
  • Hackers and ‘Social Bandits’
  • T

There is no shortage of places within the Internet's dark market where stolen credit and debit card information is sold.  Most of them, truth be told, are criminal chancers trading in recycled data from old breaches; bargains are to be had for fraudsters willing to take a gamble that some of the bundle of payment cards they have bought will actually be usable.  Not only is it the biggest, but Joker's Stash, which was established in 2014, prides itself on traders selling the "freshest" of paymen

Red Sky Alliance analysts detected Fancy Bear impersonators targeting a US county election information website. Their DDoS ransom note claims they will take the site down one day before the election if not paid in Bitcoin. This year we see an uptick of similar impersonation emails claiming to be from Fancy Bear, Lazarus Group, or Armada Collective hackers.

Details: Florida Vote Case

Election support infrastructure being vulnerable to ransomware attacks is widely discussed.  But sites going dow

Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems.  Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting ML systems.

Just as artificial intelligence (AI) and ML are being deployed in a wide variety of novel applications, t

Almost five years ago, the Russian hackers known as Sandworm hit western Ukraine with the first-ever cyberattack to cause a blackout, a never-before-seen act of cyber warfare that turned out the lights for over 250,000 Ukrainians.  Since then, Sandworm has perpetrated countless destructive attacks: another blackout on the Ukrainian capital of Kyiv, the release of the NotPetya worm in 2017 that spread globally and eventually caused $10 billion in damage, and an attack that temporarily crippled t

The coronavirus pandemic and lockdown have forced organizations to make dramatic changes over a short period of time.  One of the biggest changes has been the shift to a remote workforce nationwide.  Because of the abruptness and speed of that transition, proper cybersecurity has not necessarily been followed, prompting cybercriminals to level more attacks against remote workers, devices, and assets.

A recent survey by security provider Keeper Security looks at the types of threats aime

A Mac or iPad appearing on your organization’s network may not be cause for concern at first.  But when did it join the network? What is it doing? Is it the only one?  These questions can help discern a benign connected device from a malicious product trying to infiltrate an organization.

"The number of unmanaged devices has pretty much exploded in the last five years," said the head of threat research at Awake Security.  More people are connecting to corporate networks with devices that are not

The Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim’s network in just five hours. That breakneck speed is partially the result of the gang using the Zerologon privilege-escalation bug (CVE-2020-1472) less than two hours after the initial phish.

The Zerologon vulnerability allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Mic