All Articles (262)

4057063184?profile=RESIZE_710xRemember Mad magazine’s spokesman, Alfred E. Newman and his catch phrase, “What me Worry?’  This attitude is has taken root in many organizations’ views of cybersecurity and shows little improvement.  Cyber security experts estimate that only one in three small medium sized businesses (SMB) and small municipalities, with 50 or fewer employees rely on free or consumer-grade cybersecurity products.  Additional research indicated that one in five companies do not use any endpoint security either. A

4026067745?profile=RESIZE_710xNo, I am not making this up.  This really happened and it started with a phishing attack.  Those you who have read my past articles will see a theme, “Always verify any requests in person to change bank accounts or make any payment that is not authorized and verified by voice through a company office.  Never rely on an email alone.” 

Cyber criminals posed as the wife of Crown Bank CEO Jacinto Rodriques by utilizing a spoofed email address that really looked legitimate.  Crown Bank is a community

Our Red Sky Alliance analyst team uses Cisco Meraki and RedXray-Plus for our VIP client protection.  For numerous reasons, prospective clients often confuse the RedXray threat intelligence feed with an Intrusion Detection System (IDS; alerting/monitoring) or Intrusion Prevention System (IPS; blocking/preventing).

The Meraki device is different from RedXray service in several ways.  The Meraki is limited because it uses generic Sourcefire Snort rules and does not allow for the creation/use of cus

4007235433?profile=RESIZE_710xCan you go phishing in a Shark Tank?  Apparently, you can.  "Shark Tank" TV star Barbara Corcoran has lost close to $400,000 last week after her real estate office was duped by criminal hackers who used a small typo to gain access into her company.   

The phish started last week when an email chain was forwarded to Corcoran's bookkeeper whose name is “Christine.”  Confidential sources on Corcoran's team passed to media that the phishing email appeared to have been sent from Corcoran's executive

3986905201?profile=RESIZE_710xRansomware as a Service (RaaS) has a nice ring to its name, yet it spells big trouble for all businesses and government alike.  Targeted ransomware attacks are likely to increase in 2020 as RaaS continues to evolve into an even more profitable business model for cyber criminals.  This is one of the opinions expressed by numerous cyber security experts interviewed at RSA 2020.[1]  Dark web researchers are noticing a spike in demand for RaaS applications in hacker forums.  The ease of availability

3978010892?profile=RESIZE_710xPhishing attacks are the most common method of attacking any organization.  These types of attacks have been observed in all industries and government entities.  The latest infiltration campaign used by Iranian state sponsored hackers has been named, “The Return of the Charming Kitten.”  In this particular effort, hackers have targeted individuals in organizations that have been involved in economic and military sanctions against the Islamic Republic of Iran.  These targets include politicians,

3957006398?profile=RESIZE_710xA Massachusetts utility company power station was attacked by ransomware recently, and the company refused to meet attackers' ransom payment demands.  The Reading Municipal Light Department (RMLD) was targeted on 21 February 2020 by cyber-criminals trying to extort money by encrypting data in the station's computer system.  Unfortunately for them, management opted to hire an outside cyber threat consultant to help them deal with the ransomware infection instead of paying for the return of their

3918168862?profile=RESIZE_710xFrom Script Kiddies hackers and sophisticated Cybercriminals, to at times even State sponsored professional hackers; all are bent on the failure of consumers and companies to properly protect themselves.  Different motives, but all the same outcome of network disruption and financial ruin.  Weak passwords, vulnerabilities in software and systems, exposed sensitive information, all of these can lead a hacker to compromise your accounts and data.  Recent reporting from our Red Sky Alliance securit

3887263688?profile=RESIZE_710xFrom our Friends at the US Multi-State (MS)-ISAC:

OVERVIEW  Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for arbitrary code execution.  PHP is a programming language originally designed for use in web-based applications with HTML content.  PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution in the con

3865353138?profile=RESIZE_710xRansomware attacks have matured over the years, adopting more stealthy and sophisticated techniques, while at the same time fixing many of the implementation errors that earlier iterations had.  Many attacks are now gaining a new data leak component, which exposes companies to more than the traditional data loss associated with ransomware.  The trends observed by researchers over the past year indicate that these attacks are not going away and are likely to increase in frequency.  With the adven

3859747658?profile=RESIZE_710xThe FBI’s Internet Crime Complaint Center (IC3) published its 2019 Internet Crime Report which stated that cybercrime was behind individual and business losses of $3.5 billion, represented by 467,361 reported complaints received last year.  Under the subsection titled: “Reported Complaints,” many individuals and businesses did not report their losses and this dollar amount of losses is under reported.  IC3 says that it has received 4,883,231 complaints since its inception in May 2000, with an av

3772879530?profile=RESIZE_710xFrom our Friends and Colleagues at Dryad:
The coronavirus outbreak in China has forced several countries to resort to stringent quarantine checks in their battle to contain the spread and the measures are starting to have a knock-on effect on the global commodities shipping market.

3852293469?profile=RESIZE_710xDelays in loading and delivery of cargoes in the tanker, dry bulk and container shipping segments are being reported due to ships being forced to sit idle amid a lack of crew availability.
Merchant ships arriving in A

3841674407?profile=RESIZE_710x

 

As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages in amounts ranging from $100-$750 per incident, even in the absence of any actual harm, with the passage of the California Consumer Privacy Act (“CCPA”).  The class actions that follow are not likely to be limited to California residents, but will also include non-California residents pursuing claims under common law theories.  At Red Sk

3839435339?profile=RESIZE_710x

In daily business, you use strong passwords, change them often, update your anti-virus software and use common sense to protect yourself from malicious attacks that could harm your home computer.  But what else can you do when you travel?

When you are traveling, you are unaware of many types of threats, how can you keep your communications gear safe when you are not in the office or your own home?  According to a recent report, loses related to cybercrime is projected to exceed $6 trillion by 2

3838028473?profile=RESIZE_710xIt is getting more expensive for organizations that are victims of ransomware attacks to recover.  The average cost more than doubled in the final quarter of 2019.  According to a recent report, an average total cost of negotiation, remediation and ransom payment is $84,116.  This amount is almost double the previous figure of $41,198.

This increase is not only the result of cybercriminals demanding higher ransom amounts, but the increase in the number of victims who are willing to pay the ranso

3836726219?profile=RESIZE_710xDoes your company have $50 million to spare? That is how much a ransomware attack cost Norsk Hydro in the first quarter of 2019.  A total of 22,000 computers had their files forcibly encrypted across 40 countries in which the aluminum producer operates. Employees were using typewriters and manual production lines where possible to operate the business.  Norsk Hydro did not pay the hackers’ ransom and was completely honest about what happened. Its approach was praised by both law enforcement and

3831989632?profile=RESIZE_710xEuropol.com

The new 2020 decade started with many twists and turns inside the Geo-Political (GEOPOL) World; specifically, the current Iran / US escalation of tensions and associated US sanctions.  This has raised cyber concerns with international governments and private sectors alike.  Researchers are providing various “warnings” to keep in mind when dealing with international political, business affairs, and hybrid terrorism.  The new attack phenomenon is the convergence of physical and cyber-a

3772879530?profile=RESIZE_710x

Our friends and colleagues at Dryad Global, Experts in Global Issues and Maritime Security Risk Management, has provided us with their 2019 Global Security Review and 2020 risk assessment for the Shipping Industry.  Red Sky Alliance has been working close with Dryad this past year and we have observed and appreciated their timely and actionable maritime intellgience reports.  This information is of extreme valuable to our members who operate in the Transportation Sector. 

From Dryad: "Managed b