All Articles (1929)

SentinelLabs recently posted a very interesting report on leaked information about a Chinese company, I-Soon.

Executive Summary / I-Soon (上海安洵), a company that contracts for many PRC agencies–including the Ministry of Public Security, Ministry of State Security, and People’s Liberation Army, was subject to a data leak over the weekend of 16 February.  It is not known who pilfered the information nor their motives, but this leak provides a first-of-its-kind look at the internal operations of a st

Cyber threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited Cross-Site Scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations.   According to investigators, these entities are primarily located in Georgia, Poland, and Ukraine and attributed the intrusion set to a threat actor known as Winter Vivern, also known as TA473 and UAC0114.  The cybersecurity firm tracks the hacki

An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns.  While the full extent of the effort, codenamed Operation Cronos, is presently unknown, visiting the group's ‘.onion’ website displays a seizure banner containing the message "The site is now under the control of law enforcement." Authorities from 11 countries, Australia, Canada, Finl

Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children’s hospital and that the US government is doing too little to prevent such breaches.  Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records.  Today, they are a favorite target for internet thieves who hold systems’ data and networks hostage f

Readers Note:  This is an article by Shawn E. Tuma a business lawyer with an internationally-recognized reputation in cybersecurity, computer fraud, and data privacy law. Having practiced in this area of law since 1999, he is one of the most experienced and well-respected cybersecurity and data privacy law attorneys in the United States. He is a Partner at Spencer Fane LLP, and Co-Chair of the Cybersecurity & Data Privacy Practice Group. Shawn is also the manager of the Business Cybersecurity La

Major technology companies signed a pact 16 February 2024 to voluntarily adopt “reasonable precautions” to prevent artificial intelligence tools from being used to disrupt democratic elections around the world.  Executives from Adobe, Amazon, Google, IBM, Meta, Microsoft, OpenAI and TikTok gathered at the Munich Security Conference to announce a new framework for how they respond to AI-generated deepfakes that deliberately trick voters. Twelve other companies including Elon Musk’s X are also sig

After a nationwide outage last week left tens of thousands of frustrated AT&T and Verizon customers without wireless cellphone service, many were left wondering what caused the interruption.

Faulty equipment? Hackers? Solar flares?

As it turns out, the answer was bad coding on the part of AT&T, the company said late last week.  Before that announcement, rumors circulated online that solar flares might've been responsible for the outage, which caught the attention of scientists at the National Oc

Maria Reznikova and her associates at Maria Concetto Winery are into gadgets.  Their Calistoga tasting room features “levitating” wine bottle holders, spinning top-like decanters, small drones, a 3D wine bottle hologram sign, a karaoke machine and a replica of a 1922 Model T Ford parked out front.  But the most notable is RobinoVino, their wine serving robot sommelier.  Working with an engineering friend, Reznikova commissioned RobinoVino, described as “the world’s first” such robot sommelier. M

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders.  Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet Shortcut Files (.URL). "In this attack chain, the threat actor leveraged CVE-2024-21412 to bypass Microsoft Def

The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee.  "This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point," the agency said in a joint advisory published 15 February 2024 alongside the Multi-State Information Sharing and Analysis Center (MS-ISAC).  "The threat actor

Spynote is a Remote Access Trojan that initially surfaced in 2020.  Since then, it has grown into one of Android's most common malware families, with multiple samples, integration of other RATs (e.g., CypherRat), and a large family of over 10,000 samples. There are numerous variants and integrations of other RATs, and since 2023, there has been a growing interest in financial institutions.

On 1 February 2024, analysts found a malicious sample posing as a legitimate crypto wallet that included th

When discussing access security, one recommendation stands out; multi-factor authentication (MFA).  With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches.  It is important to remember that MFA still is not foolproof.  It can be bypassed.  If a password is compromised, several options are available to hackers looking to circumvent the added protection of MFA.  The following are four social engineering tactics hackers successfully use to

Red Sky Alliance monthly queries our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Malicious actors use emails with Motor Vessel (MV) or Motor Tanker (MT) in the subject line as a lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which we directly observed the vessel being impersonated, with associated

Facebook and Instagram users will start seeing labels on AI-generated images on their social media feeds, part of a broader tech industry initiative to sort between what is real and what is not.  A Meta spokesman said on 06 February 2024 that it is working with industry partners on technical standards to make it easier to identify images and, eventually, video and audio generated by artificial intelligence tools.[1]

See:  https://redskyalliance.org/xindustry/why-do-some-ai-images-look-like-me

Ju

As artificial intelligence continues advancing at a rapid pace, criminals are increasingly using AI capabilities to carry out sophisticated scams and attacks. Technologies that synthesize realistic fake media, known as deepfakes, are among the newest tools being deployed to enable fraud.  A finance clerk working at a Hong Kong branch of a large multinational corporation recently fell victim to an elaborate scam utilizing deepfake technology to impersonate senior executives and swindle more than

A new form of mobile malware named "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps.  Recently uncovered by cyber security investigators, GoldPickaxe exists in both Android and iOS versions and was developed by a suspected Chinese hacking group called "GoldFactory."  The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

See:

Cyber-attacks cost the world economy a huge $8 trillion USD in 2023 and are expected to rise to an incredible $18 trillion by 2030.  Technology has advanced so rapidly that most devices in a 2024 household are always online smart devices perpetually connected to the cloud.  Beyond this, no workforce, industry, or government agency exists without a complex and interconnected web of users, systems, and online technologies.  Is it any wonder that cyber-attacks are on the rise and have cost the worl

A malware tactic named ‘hunter-killer’ is growing, based on an analysis of more than 600,000 malware samples. This may become the standard approach for advanced attacks.  There has been a notable rise in a malware tactic referred to as ‘hunter-killer’ malware. The name comes from modern submarine warfare: submarines remain hidden until they strike. The use of hunter-killer malware grew over 2023, and it is expected to continue growing.

There is a surge in ultra-evasive, highly aggressive malwar

As we enter the age of the software-defined automobile, especially those with electric drivetrains, we’re facing unprecedented risk from cyberattacks, say a wide coterie of experts. According to the Israel-based Upstream firm, from 2019 to 2023 disclosed cybersecurity incidents in the automotive and mobility space increased by more than 50%, with 295 such occurrences in 2023.  Some 64% of these attacks were executed by “bad hat actors” with malevolent intent, the report said. And 65% of deep and

Between November and December 2023, a threat actor successfully stole more than two million email addresses and other personal information from at least 65 websites, threat intelligence firm Group-IB reports.  ResumeLooters is confirmed to have stolen several databases containing 2,079,027 unique emails and other records, such as names, phone numbers, dates of birth, and information about job seekers’ experience and employment history.  The stolen data was then offered for sale by ResumeLooters