X-Industry

Malwarebytes Intelligence Team is reporting the MSHTML vulnerability classified as CVE-2021-40444 has become the focus of threat actors targeting Russian government entities.  Its researchers intercepted phishing email attachments revealing that attackers were trying to target Russian organizations.

The CVE-2021-40444 vulnerability involves ActiveX and is an old flaw, but it was discovered recently, and soon enough, threat actors started sharing its PoCs, tutorials, and exploits on hacking forum

The US government is reportedly set to announce new measures, including sanctions to deter cryptocurrency businesses from getting involved in laundering and facilitating ransomware payments.  People familiar with the matter told the Wall Street Journal that the US Treasury Department could enact the new sanctions as early as the week of 20 September 2021. They will reportedly target cryptocurrency exchanges and traders who either knowingly or unwittingly enable cybercrime transactions.  Among ot

A new state-sponsored advanced persistent threat (APT), a term used to describe nation level sponsored and very sophisticated cyber-espionage groups, has been observed escalating attacks against hotels across the world.  Code-named FamousSparrow, this new APT was discovered by Slovak security firm ESET, which said it is tracking hotel focused attacks as far back as 2019.

“FamousSparrow’s victims are located in Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americ

The US Securities and Exchange Commission has issued a new warning that fresh criminal schemes are continuing to target digital assets.  Security experts say with social engineering attempts on the rise, individuals and organizations must remain vigilant against crypto-related scams or other "get rich quick" schemes.

In its recent bulletin, the SEC's Office of Investor Education and Advocacy and Division of Enforcement's Retail Strategy Task Force says, "Fraudsters continue to exploit the rising

An Illinois man was found guilty on 16 September 2021 by a US federal court jury for running websites that allowed paying users to launch powerful distributed denial of service, or DDoS, attacks that flood targeted computers with information and prevent them from being able to access the Internet.

A 32 man from St. Charles, Illinois, was found guilty of three felonies: one count of conspiracy to commit unauthorized impairment of a protected computer, one count of conspiracy to commit wire fraud,

“Oh Romeo, Romeo wherefore art thou Romeo?”  The FBI is warning the public that a massive spike of online romance scams this year caused many Americans to lose more than $113 million since the start of 2021.  The scammers behind this type of online fraud trend (also known as confidence fraud) which can lead to significant financial losses and devastating emotional scars use fake online identities to gain potential victims' trust on dating or social media platforms.

After the victims are lured in

What if three disgruntled employees left your organization and took top secret information to a competing company?  What repercussions would follow and how would it impact your business?  In many cases, there would be a lawsuit. In this case, there was federal prosecution and a cybersecurity threat.

The US Department of Justice (DOJ) released a shocking statement on 16 September 2021, which explains the scenario at the federal level. Three men, who formerly worked for the US intelligence communi

Activity Summary - Week Ending 17 September 2021:

• Red Sky Alliance identified 37,866 connections from new unique IP addresses
• Analysts identified 765 new IP addresses participating in various Botnets
• Compromised IP: 107.172.100.248
• Is it REvil or is it the Feds?
• BazarLoader
• QakBot
• BlackMatter and Cameras?
• Grayfly – an Arm of APT41
• EasyJet in the Crosshairs
• Just Who’s Winning the Cyber War?
• Tiananmen Square Memorials

Link to full report: IR-21-260-001_weekly_260.pdf

Working from home is a new work environment that will be with many employees and companies for years.  Since 2020 when the COVID-19 lockdowns began, cybercrime has increased drastically, and remote working has presented huge challenges and higher risks for many organizations. The surge of COVID-19 cases driven by new variants has challenged many companies to quickly devise long-term hybrid work models that meet the needs of their businesses and employees.  The term hybrid has been coined as ther

On 17 September 2021, while developing additional tools for our Red Pane Dark Web collections, we discovered a new ransomware attack posted by Conti against Amax. A company that makes and installs storage and server solutions for businesses.

As displayed by this table, our new tool allows faster discovery of ransomware infections, alerting us about the new post within 2 minutes of it being live.

This gives our Red Pane tool a near real-time detection rate of new ransomware infections. Red Pane

Our friends from Kelly Blue Book are explaining that “everything about the way you buy a car is changing.”  The auto industry is changing so rapidly and so thoroughly that it may even alter the town where you live.

Car dealerships have begun consolidating under the control of nationwide companies, and their vision for what car shopping may look like in just a few years is radically different than the experience you’re used to.

How did we get here, and where are we going?  And what vulnerabilitie

US Securities and Exchange Commission Chairman Gary Gensler testified before the Senate last week and again called for comprehensive cryptocurrency regulations, citing a need to reduce cybersecurity risks, other market risks, and criminal efforts to defraud investors, all while advancing the assets.   Appearing before the Senate Banking Committee, Gensler defended the SEC's ability to enforce securities laws against cryptocurrency companies, although several Republican lawmakers cited a "lack of

Insider threats are of serious concern for all businesses.  Former or recently terminated employees add a much higher level of risk for theft, destruction, or release of company data.   A former credit union employee is now facing a ten (10) prison sentence after pleading guilty to destroying large amounts of corporate data in revenge for being fired.

This former employee who lives in Brooklyn NY, pleaded guilty in the US Eastern District Court recently, admitting to one count of computer intrus

Eventually, everyone need help with their heating and air conditioning (HVAC) units.  Most technicians are trustworthy and do a great job.  The bad news is that more than 9 out of 10 (91%) industrial organizations are vulnerable to cyber-attacks, according to a new report by Positive Technologies.  The study found that external attackers can penetrate the corporate network in all these organizations, and once inside, can obtain user credentials and complete control over the infrastructure in 100

I found this in my Inbox this morning.   I think the only truthful piece of information included - is that Mary Beth Leonard actually is the current US Ambassador to Nigeria. 

See:  Ambassador Mary Beth Leonard | U.S. Embassy & Consulate in Nigeria (usembassy.gov)

This one fact shows that the criminal involved has done some homework for his scam.   I am always amused by the mis-use of words in the text of theses “kind offers,” such as using the word “missing” instead of “mincing.”  There are too

In the Real Estate business, the most sought after properties have location, location and location as their attraction. Thinking as a criminal what is on their “Wish List?” How do they rate the ideal ransomware target? Cyber threat investigators calim the following attributes add up to the best targets: revenue, size, geography and level of access help determine sale price for access. The most sought-after type of victim for ransomware-wielding attackers is a large, U.S. based business with at l

Since early in 2020, when the COVID-19 lockdowns began, cybercrime has increased significantly and remote working has produced major cyber security challenges and higher risks for many businesses and organizations.  The surge of CV-19 cases driven by new variants has challenged many companies to quickly devise long-term hybrid work models that meet the needs of their businesses and employees.  The term hybrid has been coined as there are many degrees from total office attendance to total at home

Our friends at several cyber media outlets are reporting that the operators behind the REvil ransomware-as-a-service (RaaS) is back.  In a surprise return, REvil reappeared after a two-month break following the widely publicized attack on technology services provider Kaseya on 4 July 2021.  In fact, Red Sky Alliance analysts observed its return this past week.

Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have reappeared online, wit

Activity Summary - Week Ending 10 September 2021:

• Red Sky Alliance identified 47,398 connections from new unique IP addresses- Sinkholes
• Analysts identified 1,034 new IP addresses participating in various Botnets
• 4 unique email accounts compromised with Keyloggers were used to log into Personal Accounts
• Sality Malware Variant seen 42252 times this past week
• Hive Ransomware Alert
• STRRAT RAT
• FIN7 again
• Microsoft and $20 billion in Cyber Security
• South Korea and TrickBot Arrest
• To SOAR, or to SIEM