Security News

The U.S. Federal Bureau of Investigation has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang has added distributed denial-of-service attacks to their arsenal of extortion tactics. In a Friday notification coordinated with the Cybersecurity and Infrastructure Security Agency, the FBI said that the ransomware group would take their victims' official websites down in DDoS attacks if they didn't comply with the ransom demands.

Vice has detailed article about how the FBI gets data from cell providers like AT&T, T-Mobile, and Verizon, based on a leaked (I think) 2019 139-page presentation.

US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world.

The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. "Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021," the FBI said in a TLP: WHITE flash alert.

The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. Sites used in these attacks are designed to closely resemble official government platforms to trick the targets into giving away their info, infecting them with malware, and claiming unemployment benefits on their behalf.

The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency published today an advisory with details about how the BlackMatter ransomware gang operates.The joint cybersecurity advisory from CISA, the FBI, and the NSA shares the tactics, techniques, and procedures associated with BlackMatter activity that could help organizations protect against the BlackMatter ransomware gang.

A Navy nuclear engineer and his wife were arrested under espionage-related charges alleging violations of the Atomic Energy Act after selling restricted nuclear-powered warship design data to a person they believed was a foreign power agent. Jonathan and Diana Toebbe sold the confidential information to an undercover FBI agent.

A court filing and announcement allege that a chap named Jonathan Toebbe, an employee of the Department of the Navy who served as a nuclear engineer, contacted entities that he believed represented a foreign power and offered to sell "Restricted Data concerning the design of a nuclear-powered warship". An FBI legal attaché obtained a letter sent by Toebbe in April 2020 that included some US Navy documents and instructions on how to establish a secure channel between a foreign nation and Toebbe.

The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the FBI's decision to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks. "To understand the FBI's decision, the lawmakers are requesting a briefing from the FBI on its legal and policy rationale for withholding the ransomware key, as well as the FBI's overall strategy for addressing, investigating, preventing, and defeating ransomware attacks," the Committee said in a press release on Wednesday.

CISA, the Federal Bureau of Investigation, and the National Security Agency warned today of an increased number of Conti ransomware attacks targeting US organizations. The three US federal agencies urge enterprise IT admins to review their organizations' network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware.