Security News
The FBI has publicly confirmed that the REvil ransomware was used in the cyberattack that forced the world's largest meat processing company to shut down systems. While JBS did not make public any technical information on the attack, it did notify the federal government of a ransom demand, apparently coming from a Russian hacking group.
The Federal Bureau of Investigation has officially stated that the REvil operation, aka Sodinokibi, is behind the ransomware attack targeting JBS, the world's largest meat producer. "We have attributed the JBS attack to REvil and Sodinokibi and are working diligently to bring the threat actors to justice," says an FBI Statement on JBS Cyberattack.
Hunt therefore also offers a public service called Pwned Passwords, where you can look up your own password in a database of just over 600 million already-recovered passwords, whether those passwords were stolen due to a large-scale corporate data breach, a carefully planned ransomware attack, a long-running malware infestation, or any other cause. Avoiding a 10GB download. If you don't have the time or energy to download 10GB or more of Pwned Passwords data, you can look up your password without giving it away directly.
Last year, the man Down Under announced plans to make key portions of the system open source for others to pick up, use, and improve. Now the Pwned Passwords code base is available from GitHub under a BSD three-clause license.
An alert released on Friday by the FBI and the DHS's Cybersecurity and Infrastructure Security Agency revealed that the number of organizations targeted in a recent attack abusing a legitimate email marketing service was higher than initially reported. Microsoft reported last week that the Russia-linked threat actor it tracks as Nobelium, which is believed to be responsible for the SolarWinds supply chain attack, had been abusing a legitimate mass email service named Constant Contact to target government and other types of organizations in the United States and a dozen other countries.
The FBI on Thursday published indicators of compromise associated with the continuous exploitation of Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks. In early April, the FBI along with the Cybersecurity and Infrastructure Security Agency warned that threat actors had been targeting serious security holes in Fortinet's flagship operating system FortiOS for initial access into victims' networks.
The FBI will soon begin to share compromised passwords discovered during law enforcement investigations with Have I Been Pwned's 'Password Pwned' service. The Have I Been Pwned data breach notification site includes a service called Pwned Passwords that allows users to search for known compromised passwords.
The Federal Bureau of Investigation says state-sponsored attackers breached the webserver of a U.S. municipal government after hacking a Fortinet appliance. "As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government," the FBI's Cyber Division said in a TLP:WHITE flash alert published today.
An FBI analyst with top-secret security clearance illegally squirreled away national-security documents related to Osama bin Laden, al-Qaeda, cybersecurity and more in her home for years, the feds say. Kendra Kingsbury, who was working in the FBI's Kansas City Division until being put on leave in December 2017, has been indicted by a federal grand jury for allegedly routinely removing numerous documents from their safekeeping at the office, over and over during the period from June 2004 to Dec. 15, 2017.
The FBI says it has observed 16 Conti ransomware attacks that targeted healthcare and first responder networks in the United States over the past year. First detailed in July 2020, Conti has grown to become a major threat, with more than 400 organizations worldwide being hit by the ransomware to date.