All Articles (424)

Sort by

8083706282?profile=RESIZE_400xMicrosoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems.  Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting ML systems.

Just as artificial intelligence (AI) and ML are being deployed in a wide variety of novel applications, t

8083672063?profile=RESIZE_400xAlmost five years ago, the Russian hackers known as Sandworm hit western Ukraine with the first-ever cyberattack to cause a blackout.  A never-before-seen act of cyber warfare that turned out the lights for over 250,000 Ukrainians.  Since then, Sandworm has perpetrated countless destructive attacks; another blackout on the Ukrainian capital of Kyiv, the release of the NotPetya worm in 2017 that spread globally and eventually caused $10 billion in damage, and an attack that temporarily crippled t

8080622291?profile=RESIZE_400xThe coronavirus pandemic and lockdown have forced organizations to make dramatic changes over a short period of time.  One of the biggest changes has been the shift to a remote workforce nationwide.  Because of the abruptness and speed of that transition, proper cybersecurity has not necessarily been followed, prompting cybercriminals to level more attacks against remote workers, devices, and assets.

Based on a recent survey by security provider Keeper Security looks at the types of threats aime

8080252671?profile=RESIZE_180x180A Mac or iPad appearing on your organization’s network may not be cause for concern at first.  But when did it join the network? What is it doing? Is it the only one?  These questions can help discern a benign connected device from a malicious product trying to infiltrate an organization.

"The number of unmanaged devices has pretty much exploded in the last five years," said the head of threat research at Awake Security.  More people are connecting to corporate networks with devices that are not

8066479468?profile=RESIZE_400xThe Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim’s network in just five hours. That breakneck speed is partially the result of the gang using the Zerologon privilege-escalation bug (CVE-2020-1472) less than two hours after the initial phish.

The Zerologon vulnerability allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Mic

Activity Summary - Week Ending 23 October 2020:

  • Red Sky Alliance observed 69 unique email accounts compromised with keyloggers
  • Analysts identified 43,643 connections from new unique IP addresses
  • CTAC identified 2,933 new IP addresses participating in various Botnets
  • EKING Variant of Phobos Ransomware
  • Kraken
  • KillDisk and Industroyer
  • Mobility Electronics Suppliers Expo – Attacked
  • Messe-Berlin
  • Minnesota Republican Party – Attacked
  • Critical Manufacturing RedXray example – Tesla Inc.
  • 4Chan and 8Chan

8060148074?profile=RESIZE_400xRansomware attacks remain the top cyber-enabled threat seen by law enforcement agencies.  But phishing campaigns, business email compromises, and other types of fraud that are now using COVID-19 themes are increasing.  Red Sky Alliance has members, clients, and readers from around the world and this article has been written from the European Union viewpoint, which actually applies internationally to global defense against cyber-crimes.  Our source is the seventh annual Internet Organized Crime T

8060004884?profile=RESIZE_400xIn June 2015, the US Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as four million people.  The final estimate of the number of people impacted is 22.1 million.  This includes records of people who had undergone background checks, as well as their friends and family, many of whom were not government employees.  It has been described by federal officials as among the largest breaches of government data in the history o


8051471253?profile=RESIZE_400xNYANxCAT is a prolific hacker who programs new pieces and versions of malware, shares it widely, and records blackhat hacker educational YouTube videos which has over 150,000 views.  He uses GitHub repository, sells his hacker tools and services using PayPal and Bitcoin.  In this report, we discuss some of the samples of NYANXCat malware, his business models, and possible Kuwaiti identity.

(Figure 1. NYANxCAT GitHub logo)


NYANxCAT Hacker Profile

Name:         possible name: Hmoud [Hu

8042433884?profile=RESIZE_400xSMB’s Need to Prepare for Today and Tomorrow’s Cyber Threats

The cybersecurity landscape presents new challenges at businesses - every day.  Please be aware of these 10 threats to help your business avoid a major attack or breach.  When it comes to securing your network, software, and data from potential attackers, Small to Midsize Businesses (SMBs) have numerous concerns.

Security for increasingly mobile and online-focused businesses is a multifaceted problem, especially for SMBs that lack the

8041670677?profile=RESIZE_400xActivity Summary - Week Ending 16 October 2020:

  • Red Sky Alliance identified 52,441 connections from new unique IP addresses
  • Analysts observed 159 unique email accounts compromised with Keyloggers
  • 2,640 new IP addresses were observed participating in various Botnets
  • SlothfulMedia
  • New Dridex Malware Campaign
  • Mobile Money being attacked in the retail world in Africa
  • Securing Your Cell Enterprise against Retail Attacks
  • Sam's West, Inc. Retail Giant - Analysis
  • No Justice, No Peace at Sam’s Club
  • Star

8041648453?profile=RESIZE_400xMicrosoft collaborated with cybersecurity companies and government agencies to take down the million-device Trickbot botnet to help protect the November 3rd US Presidential election and stop the global spread of ransomware and other malware. The botnet has been used to distribute a variety of malicious code, including the Ryuk ransomware variant, which the US government has cited as a potential threat vector against the election. 

Microsoft obtained a court order from the US District Court, East

8039528689?profile=RESIZE_400xResearchers recently discovered the ‘WarezTheRemote’ attack, which affects Comcast’s XR11 voice remote control.  This security flaw allows cyber attackers to remotely snoop in on victims’ private conversations was is found to stem from an unexpected device, their TV remotes.  Huh?

The flaw stems from Comcast’s XR11, a popular voice-activated remote control for cable TV, which has more than 18 million units deployed across the US.  The remote enables users to say the channel or content they want

8038692495?profile=RESIZE_400xA newly identified group of financially motivated hackers, likely based in a Russian-speaking country, has been running high-volume phishing, ransomware, and extortion campaigns in the United States, Germany, and many other countries for the last four years, using the Clop ransomware and various backdoors in their operations.

Researchers at Mandiant have been tracking the group since 2016 and have responded to a number of intrusions in which the group, known as FIN11, has used initial access to

8035933500?profile=RESIZE_400xA new ransomware has emerged online threatening Android security.  This new malware triggers on an infected phone as soon as the victim presses the Home key. Researchers at Microsoft are warning about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note.

The findings concern a variant of a known Android ransomware family called, "MalLocker.B" which has resurfaced with new techniques.  This malware

8035786096?profile=RESIZE_400xA US digital marketing provider has exposed almost three million records containing personally identifiable information (PII) after another cloud configuration mistake.  The privacy snafu at Friendemic, whose main clients are reportedly US car dealerships, was discovered by researchers at Comparitech.  As is usual in these cases, the unencrypted data was left exposed to the public Internet with no password or authentication required to access it.  Research earlier this year found that misconfigu

8032283654?profile=RESIZE_400xEven simple things in life, like using a Fitbit watch, can be turned into a hacking tool.   While you are losing pounds, you could also be losing your personal, private and financial information.  During these uncertain months of the pandemic, working out seemed like a harmless activity and a way to keep in shape.  Red Sky Alliance wants to thank Becky Bracken for her report as follows:

An Immersive Labs Researcher took advantage of lax Fitbit privacy controls to build a malicious spyware watch

8031757487?profile=RESIZE_400xPalmerworm, an advanced persistent threat (APT) group, has been active since 2013 and is engage in cyber espionage campaigns that target organizations in the US, East Asia, particularly Taiwan, and occasionally Japan and Hong Kong.  Palmerworm hackers are using new customized malware as well as ‘living off the land’ techniques manipulating tools and commands already built into an operating system for malicious purposes.

This APT group, also known as BlackTech, has conducted long-term espionage c

8018535676?profile=RESIZE_400xA US Treasury Department advisory was issued on 1 October 2020 and strongly warned that financial institutions, cyber insurance firms, and others that facilitate a ransom payment after a ransomware attack ‘could’ face federal penalties.[1]  But the warning is not a sure sign of a looming enforcement effort, some cybersecurity experts say.

Charles Carmakal, senior vice president and CTO with FireEye Mandiant, calls ransomware "the most significant and prevalent cybersecurity threat facing corpora

Comments: 0