FBI
CISA and FBI: Ghost ransomware breached orgs in 70 countries
CISA and FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. Other industries impacted include healthcare, government, education, technology, manufacturing, and numerous small and medium-sized businesses. “Beginning early 2021, Ghost actors began attacking victims whose internet facing services ran outdated versions of software […]
FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent
Update January 29, 14:15 EST: Seizure banners were added to the cracked[.] io, nulled [.] to, starkrdp [.] io, mysellix [.] io, and sellix [.] io, confirming that the domains had been seized in a joint law enforcement action dubbed “Operation Talent” that included authorities from the United States, Italy, Spain, Europe, France, Greece, Australia, and […]
FBI: North Korean IT workers steal source code to extort employers
The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. The security service alerted public and private sector organizations in the United States and worldwide that North Korea’s IT army will facilitate cyber-criminal activities and demand ransoms […]
CISA: Hackers still exploiting older Ivanti bugs to breach networks
CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks. The vulnerabilities chained in these attacks include CVE-2024-8963 (an admin authentication bypass patched in September) and CVE-2024-8190 (a remote code execution bug patched the same month). Two other bugs, CVE-2024-9379 (an SQL […]
FBI wipes Chinese PlugX malware from over 4,000 US computers
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. The malware, controlled by the Chinese cyber espionage group Mustang Panda (also tracked as Twill Typhoon), infected thousands of systems using a PlugX variant with a wormable component that allowed it to […]
FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. As a private industry notification (PIN) published on Monday explains, the attackers focus their attacks on Chinese-branded devices that are still waiting for security patches or have already reached the end […]
FBI shares tips on how to tackle AI-powered fraud schemes
The FBI warns that scammers are increasingly using artificial intelligence to improve the quality and effectiveness of their online fraud schemes, ranging from romance and investment scams to job hiring schemes. “The FBI is warning the public that criminals exploit generative artificial intelligence (AI) to commit fraud on a larger scale which increases the believability […]
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. A joint advisory published on Tuesday calls for organizations worldwide to immediately patch these security flaws and deploy patch management systems to minimize their networks’ exposure to potential […]
CISA urges software devs to weed out XSS vulnerabilities
CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping. The two federal agencies said that XSS vulnerabilities still plague software released today, creating further exploitation opportunities for threat actors even though they’re preventable and should not be present in […]
FBI tells public to ignore false claims of hacked voter data
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks. The two agencies note that malicious actors are spreading disinformation to manipulate public “opinion and undermine confidence in U.S. democratic institutions.” According to […]