Security News

The Federal Bureau of Investigation warned today of recently detected spear-phishing email campaigns targeting customers of "Brand-name companies" in attacks known as brand phishing.In addition to these ongoing phishing attacks, threat actors are also likely developing tools to bait potential targets into revealing info for bypassing account protections two-factor authentication by intercepting emails and compromising accounts.

The U.S. Federal Bureau of Investigation has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks, making it the latest company to join the likes of Cisco, Fortinet, Citrix, Pulse Secure that have had their systems exploited in the wild. "The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a web shell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity," the agency said in an alert published this week.

Emotet malware: "The report of my death was an exaggeration" FBI email hack spreads fake security alerts Tech history: Why tubes are valves, and valves are tubes. Samba update patches plaintext password plundering The hijackable self-driving robot suitcase Oh! No! A virtual-versus-real monitor mixup.

A threat actor has been exploiting a zero-day vulnerability in FatPipe's virtual private network devices as a way to breach companies and gain access to their internal networks, since at least May, the FBI has warned. "As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021," the bureau said in a flash alert on Tuesday.

The Federal Bureau of Investigation warned of an advanced persistent threat compromising FatPipe router clustering and load balancer products to breach targets' networks. "As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021," the FBI said in a flash alert issued this week.

Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out of the FBI's email system, says it's just one of a string of jabs from a childish but cybercriminally talented tormentor. Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out to thousands of people from the FBI's own email system on Friday night, has fingered the guy who allegedly pulled off the exploit.

On Saturday, spam tracker Spamhaus tweeted that it had learned of "Scary" emails being sent purportedly from the FBI and Department of Homeland Security. Though the emails were sent from a portal owned by the FBI and DHS, Spamhaus said that the messages themselves were fake.

The Spamhaus Project, a European nonprofit that monitors email spam, detected the exploit and tweeted about it early Saturday morning, saying that "We have been made aware of 'scary' emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS, our research shows that these emails *are* fake." "Hi its pompompurin. Check headers of this email it's actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks."

The United States Federal Bureau of Investigation has admitted that a software misconfiguration let parties unknown send email from its servers. A statement from the Bureau, dated November 14th, states that the agency "Is aware of a software misconfiguration that temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal to send fake emails".

The U.S. Federal Bureau of Investigation on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "Sophisticated chain attack." "Vinny Troia wrote a book revealing information about hacking group TheDarkOverlord. Shortly after, someone began erasing ElasticSearch clusters leaving behind his name. Later his Twitter was hacked, then his website. Now a hacked FBI email server is sending this," Hutchins tweeted.