Security News
The FBI has warned owners of Barracuda Email Security Gateway appliances the devices are likely undergoing attack by snoops linked to China, and removing the machines from service remains the safest course of action. On Wednesday, the FBI pushed that recommendation in a flash alert [PDF] that stated it "Strongly advises all affected ESG appliances be isolated and replaced immediately."
The Federal Bureau of Investigation warned that patches for a critical Barracuda Email Security Gateway remote command injection flaw are "Ineffective," and patched appliances are still being compromised in ongoing attacks. Even though the Barracuda patched all appliances remotely and blocked the attackers' access to the breached devices on May 20, one day after the bug was identified, it also warned all customers on June 7 that they must replace all impacted appliances immediately, likely because it couldn't ensure the complete removal of malware deployed in the attacks.
The FBI warned that North Koreans are likely readying to cash out tens of millions worth of stolen cryptocurrency out of hundreds of millions stolen in the last year alone. "The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million dollars."
The U.S. Federal Bureau of Investigation on Tuesday warned that threat actors affiliated with North Korea may attempt to cash out stolen cryptocurrency worth more than $40 million. North Korea is known to blur the lines among cyber warfare, espionage, and financial crime.
The Feds didn't go as far as naming any specific vendors or services here, but one of the main reasons that crooks go down the "Beta-testing" route is to lure users of Apple iPhones into installing software that didn't come from the App Store. In contrast, even iPhone apps that are 100% free must be submitted by the vendor to the App Store to become available for download, and downloaded by the user from the App Store for installation.
The FBI is warning of an increase in scammers pretending to be recovery companies that can help victims of cryptocurrency investment scams recover lost assets. "Representatives of fraudulent businesses claiming to provide cryptocurrency tracing and promising an ability to recover lost funds may contact victims directly on social media or messaging platforms," reads the FBI notice.
In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "Exclusive" new NFT releases, often employing misleading advertising campaigns that create a sense of urgency to pull them off. "Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project," the FBI said in an advisory last week.
The FBI warned today of fraudsters posing as Non-Fungible Token developers to prey upon NFT enthusiasts and steal their cryptocurrency and NFT assets. In these attacks, the criminals gain unauthorized access to NFT developer social media accounts or create nearly identical accounts to promote "Exclusive" NFT releases.
Agents of the FBI and Homeland Security at the Northeast Cybersecurity Summit revealed how cyberintelligence collaboration works. Learn more with our article.
In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities have issued today a list of the 12 most exploited vulnerabilities throughout 2022."In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems," the joint advisory reads.