Security News

It was just a matter of time once people began using Zoom more frequently to collaborate remotely, that their conversations would be hijacked in a phenomenon known as Zoom bombing. Zoom bombing is an emerging trend where attackers find publicly posted Zoom invite links, then join them to screenshare pornography or other inappropriate content, said Paul Bischoff, a privacy advocate with Comparitech, a pro-consumer website that provides information on tech services.

The Justice Department inspector general has found additional failures in the FBI's handling of a secretive surveillance program that came under scrutiny after the Russia investigation, identifying problems with dozens of applications for wiretaps in national security investigations. The new findings are on top of problems identified last year by the watchdog office, which concluded that the FBI had made significant errors and omissions in applications to eavesdrop on former Trump campaign adviser Carter Page during the early months of the Russia investigation.

The FBI has not followed internal rules when applying to spy on US citizens for at least five years, according to an extraordinary report [PDF] by the Department of Justice's inspector general. The failure to follow so-called Woods Procedures, designed to make sure the FBI's submissions for secret spying are correct, puts a question mark over more than 700 approved applications to intercept and log every phone call and email made by named individuals.

A malicious campaign is targeting organizations from a broad range of industries with a piece of malware known as Kwampirs, the Federal Bureau of Investigation warns. Initially detailed in 2018, the malware is a custom backdoor associated with a threat actor tracked as Orangeworm, which has been active since at least 2015, mainly targeting organizations in the healthcare sector, but also launching attacks on industries somewhat related to healthcare, including IT, manufacturing, and logistics.

The financially-motivated hacking group FIN7 has started mailing malicious USB devices to intended victims in an effort to infect their computers with malware, the FBI warns. Mainly targeting businesses via phishing emails, the cybercrime group appears to have changed tactics recently, and started sending malicious USB devices to victims via the United States Postal Service.

The FBI on Tuesday shut down Deer.io, a Russia-based platform catering to cybercrooks that offered turnkey online storefront design and hosting and a place where they could sell and advertise their wares, including ripped-off credentials, hacked servers, hacking services, gamer accounts and more. Up until the FBI jammed a stick in its spokes, the platform was doing brisk business, with sales exceeding $17 million, selling hacked accounts for video streaming services like Netflix and Hulu and social media platforms such as Facebook, Twitter and Vkontakte.

The Federal Bureau of Investigation recently took down a Russian-based online platform where various cybercrime products and services were being sold, the Department of Justice announced on Tuesday. In addition to shutting down the platform, the FBI arrested its suspected administrator, alleged Russian hacker Kirill Victorovich Firsov.

Attorney General William Barr vowed in an interview with The Associated Press on Tuesday that there would be swift and severe action if a foreign government is behind disinformation campaigns aimed at spreading fear in the U.S. amid the coronavirus pandemic or a denial of service attack on the networks of the Department of Health and Human Services. Barr told the AP the federal government would take action against anyone who was trying to take advantage of the crisis or against foreign governments that could be trying to spread misinformation and stoke fear or slow down the U.S. response to the virus.

The FBI on Saturday arrested the alleged owner of Deer.io: a Russia-based marketplace for buying and selling credentials for hacked accounts siphoned off of malware-infected computers, victims' personally identifiable information, as well as financial and corporate data. Out of all the shops on Deer.io, the FBI still hasn't found a single legitimate business advertising its services and/or products, and it's been looking.

FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io, a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Prosecutors with the U.S. District Court for the Southern District of California allege Firsov was the administrator of deer.io, an online platform that hosted more than 24,000 shops for selling stolen and/or hacked usernames and passwords for a variety of top online destinations.