Security News

US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware. PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world.

The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors. "Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021," the FBI said in a TLP: WHITE flash alert.

The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. Sites used in these attacks are designed to closely resemble official government platforms to trick the targets into giving away their info, infecting them with malware, and claiming unemployment benefits on their behalf.

The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency published today an advisory with details about how the BlackMatter ransomware gang operates.The joint cybersecurity advisory from CISA, the FBI, and the NSA shares the tactics, techniques, and procedures associated with BlackMatter activity that could help organizations protect against the BlackMatter ransomware gang.

A Navy nuclear engineer and his wife were arrested under espionage-related charges alleging violations of the Atomic Energy Act after selling restricted nuclear-powered warship design data to a person they believed was a foreign power agent. Jonathan and Diana Toebbe sold the confidential information to an undercover FBI agent.

A court filing and announcement allege that a chap named Jonathan Toebbe, an employee of the Department of the Navy who served as a nuclear engineer, contacted entities that he believed represented a foreign power and offered to sell "Restricted Data concerning the design of a nuclear-powered warship". An FBI legal attaché obtained a letter sent by Toebbe in April 2020 that included some US Navy documents and instructions on how to establish a secure channel between a foreign nation and Toebbe.

The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the FBI's decision to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks. "To understand the FBI's decision, the lawmakers are requesting a briefing from the FBI on its legal and policy rationale for withholding the ransomware key, as well as the FBI's overall strategy for addressing, investigating, preventing, and defeating ransomware attacks," the Committee said in a press release on Wednesday.

CISA, the Federal Bureau of Investigation, and the National Security Agency warned today of an increased number of Conti ransomware attacks targeting US organizations. The three US federal agencies urge enterprise IT admins to review their organizations' network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware.

The Washington Post reports that the FBI had a decryption key for the REvil ransomware, but didn't pass it along to victims because it would have disrupted an ongoing operation. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack.

The FBI, CISA and the U.S. Coast Guard Cyber Command warned today that state-backed advanced persistent threat actors are likely among those who've been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month. At issue is a critical authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus platform that can lead to remote code execution and thus open the corporate doors to attackers who can run amok, with free rein across users' Active Directory and cloud accounts.