Security News
Well-known email tracking organisation Spamhaus, which maintains lists of known senders of spam and scams, is warning of a fraudulent "FBI/Homeland Security" alert that has apparently been widely circulated to network administrators and other IT staff in North America. The alert reads: "Urgent: Threat actor in systems. Our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack."
The Federal Bureau of Investigation email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen. The emails pretended to warn about a "sophisticated chain attack" from an advanced threat actor, who they identify as Vinny Troia.
The Federal Bureau of Investigation warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations. According to the FBI, the threat actor will likely use the leaked data bought from clear and dark web sources to breach the systems of related organizations.
The FBI's Cyber Division said in a private industry notification issued earlier this week that ransomware gangs have hit several tribal-owned casinos, taking down their systems and disabling connected systems. Limited cyber investigative capabilities and law enforcement resources are likely some of the reasons ransomware groups see US tribes as desirable targets, according to the FBI. Ransomware gangs that coordinated attacks against tribal communities include REvil, Bitpaymer, Ryuk, Conti, Snatch, and Cuba.
The Federal Bureau of Investigation warns that victims of various fraud schemes are increasingly asked by criminals to use cryptocurrency ATMs and Quick Response codes, making it harder to recover their financial losses. "The FBI has seen an increase in scammers directing victims to use physical cryptocurrency ATMs and digital QR codes to complete payment transactions," the federal law enforcement agency said.
The Federal Bureau of Investigation warns that ransomware gangs are targeting companies involved in "time-sensitive financial events" such as corporate mergers and acquisitions to make it easier to extort their victims. "The FBI assesses ransomware actors are very likely using significant financial events, such as mergers and acquisitions, to target and leverage victim companies for ransomware infections," the federal law enforcement agency said.
The U.S. Federal Bureau of Investigation has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang has added distributed denial-of-service attacks to their arsenal of extortion tactics. In a Friday notification coordinated with the Cybersecurity and Infrastructure Security Agency, the FBI said that the ransomware group would take their victims' official websites down in DDoS attacks if they didn't comply with the ransom demands.
Vice has a detailed article about how the FBI gets data from cell providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation.
US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world.
The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. "Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021," the FBI said in a TLP:WHITE flash alert.