Security News

FBI spots spear-phishing posing as Truist Bank to deliver malware
2021-05-17 19:01

Threat actors impersonated Truist, the sixth-largest US bank holding company, in a spear-phishing campaign attempting to infect recipients with what appears to be a remote access trojan. In one of the attacks, targeting a renewable energy company in February 2021, the phishing emails instructed the target to download a malicious Windows application mimicking the legitimate Truist Financial SecureBank App, supposedly needed to complete the paperwork for a $62 million loan.

FBI warns of scammers targeting families of missing persons
2021-05-17 16:27

The Federal Bureau of Investigation warned that scammers actively target the vulnerable families of missing persons attempting to extort them using information shared on social media. "These actors identify missing persons through social media posts and gather information about the missing person and family to legitimize their ransom demands without ever having physical contact with the missing person," the FBI said.

Apple sent my data to the FBI, says boss of controversial research paper trove Sci-Hub
2021-05-17 07:57

Alexandra Elbakyan, the creator of controversial research trove Sci-Hub, has claimed that Apple informed her it has handed over information about her account to the FBI. Elbakyan made the allegation in a week-old tweet that went unremarked-upon for longer than you'd imagine, given that Apple and the FBI have a history of conflict over whether the bureau should be allowed to peer into Apple customers' devices. "At first I thought it was spam and was about to delete the email, but it turned out to be about the FBI requesting my data from Apple."

FBI, CISA Uncover Tactics Employed by Russian Intelligence Hackers
2021-04-27 23:42

The U.S. Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, and the Federal Bureau of Investigation on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures adopted by the Russian Foreign Intelligence Service (SVR) in its attacks targeting U.S. and foreign entities. Employing "stealthy intrusion tradecraft within compromised networks," the intelligence agencies said, "the SVR activity, which includes the recent SolarWinds Orion supply chain compromise, primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information."

FBI/DHS Issue Guidance for Network Defenders to Mitigate Russian Gov Hacking
2021-04-27 19:33

The FBI and DHS have issued a Joint Cybersecurity Advisory on the threat posed by the Russian Foreign Intelligence Service (SVR) via the cyber actor known as APT 29. The new advisory provides "information on the SVR's cyber tools, targets, techniques, and capabilities to aid organizations in conducting their own investigations and securing their networks." Noticeably, the advisory uses the terms SVR and APT 29 interchangeably throughout, indicating that it sees no difference between the cyber actor and the Russian intelligence agency.

FBI shares 4 million email addresses used by Emotet with Have I Been Pwned
2021-04-27 16:18

Millions of email addresses collected by Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation as part of the agency's effort to clean infected computers. Individuals and domain owners can now learn if Emotet impacted their accounts by searching the database with email addresses stolen by the malware.

Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge
2021-04-19 09:39

UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments - but some members of the British infosec industry are remarkably quiet about whether this would be a good thing. In the middle of last week the American authorities made waves after deleting web shells from Exchange Server deployments compromised in the Hafnium attacks.

Week in review: New DNS vulnerabilities, benefits of cyber threat intelligence, FBI removes web shells
2021-04-18 07:40

New DNS vulnerabilities have the potential to impact millions of devices
Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK.

FBI removes web shells from hacked Microsoft Exchange servers
Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States.

The benefits of cyber threat intelligence
In this Help Net Security podcast, Maurits Lucas, Director of Intelligence Solutions at Intel 471, discusses the benefits of cyber threat intelligence.

Industry Reactions to FBI Cleaning Up Hacked Exchange Servers: Feedback Friday
2021-04-16 13:31

U.S. authorities revealed this week that the FBI executed a court-authorized cyber operation to remove malicious web shells from hundreds of compromised Microsoft Exchange servers located in the United States. "The effort by the FBI, as described in the Justice Department press release, amounts to the FBI gaining access to private servers. Just that should be a full stop that the action is not ok. While I understand the good intention - the FBI wants to remove the backdoor - this sets a dangerous precedent where law enforcement is given broad permission to access private servers."

Report: Aussie biz Azimuth cracked San Bernardino shooter’s iPhone, ending Apple-FBI privacy standoff
2021-04-14 21:37

Australian security firm Azimuth has been identified as the outfit that managed to crack a mass shooter's iPhone that was at the center of an encryption standoff between the FBI and Apple. Until this week it had largely been assumed that Israeli outfit Cellebrite was hired to forcibly unlock the encrypted iPhone 5C used by Syed Farook, who in 2015 shot and killed colleagues at a work event in San Bernardino, California, claiming inspiration from ISIS. Efforts by law enforcement to unlock and pore over Farook's phone were unsuccessful, leading the FBI to take Apple to court in an attempt to force it to bypass its own security software and reveal the device's contents.