Security News

US Federal Bureau of Investigation director Christopher Wray has named China as the source of more cyber-attacks on the USA than all other nations combined. In a Monday speech titled Countering Threats Posed by the Chinese Government Inside the US, Wray said the FBI is probing over 2,000 investigations of incidents assessed as attempts by China's government "To steal our information and technology."

Use a burner phone if you're traveling to the Olympics, the FBI warned on Tuesday, lest you come home with a nasty case of malware and/or snatched personal data. The FBI didn't mention specific threats, per se, but its alert warned those traveling to the February 2022 Beijing Winter Olympics and March 2022 Paralympics that we've seen this all before with the Olympics, where "Malicious cyber actors could use a broad range of cyber activities to disrupt these events."

Scammers are trying to steal job seekers' money and personal information through phishing campaigns using fake advertisements posted on recruitment platforms. "The FBI warns that malicious actors or 'scammers' continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money," the FBI says.

The Federal Bureau of Investigation warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. "The FBI to date is not aware of any specific cyber threat against the Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments," the US security service said in a private industry notification issued on Tuesday.

QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware. The smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert.

"Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information," the federal law enforcement agency said.The FBI said crooks are switching legitimate QR codes used by businesses for payment purposes to redirect potential victims to malicious websites designed to steal their personal and financial information, install malware on their devices, or divert their payments to accounts under their control.

The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan. A month later, IBM X-Force researchers established a stronger connection between Diavol ransomware and other TrickBot Gang's malware, such as Anchor and TrickBot.

Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency have laid bare the tactics, techniques, and procedures adopted by the adversaries, including spear-phishing, brute-force, and exploiting known vulnerabilities to gain initial access to target networks.

The Federal Bureau of Investigation warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminal group targeted the US defense industry with packages containing malicious USB devices to deploy ransomware. The attackers mailed packages containing 'BadUSB' or 'Bad Beetle USB' devices with the LilyGO logo, commonly available for sale on the Internet.

The Federal Bureau of Investigation warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminals group is targeting the US defense industry with packages containing malicious USB devices. The packages have been mailed via the United States Postal Service and United Parcel Service to businesses in the transportation and insurance industries since August 2021 and defense firms starting with November 2021.