Security News

The attack accuses victims of possessing pornography, encrypts all files on the device, and then instructs them to pay a fine to unlock the data, according to Check Point Research. After a successful infection on an Android device, Lucy encrypts files and then displays a ransom note in a browser window.

Cybercriminals are taking advantage of the pandemic, including hackers who target hospitals and medical research institutions that are studying the coronavirus, the head of the FBI's cyber division said Tuesday. The FBI has received thousands of complaints regarding scams and frauds related to the virus, FBI Assistant Director Matt Gorham said in a statement responding to queries from The Associated Press.

A type of fraud targeting those in charge of performing legitimate funds transfers for a company, BEC scams aim to trick unsuspecting victims into sending money to the attackers. In BEC attacks, the victim typically receives an email apparently arriving from a company they normally conduct business with, requesting payments be made to a new account, or demanding a change in the standard payment operations.

As reports of "Zoom bombing" explode, the FBI is cracking down on the issue with a new warning that web conference hijackers could face jail time. These are punishable by fines and even imprisonment, according to the FBI. "You think Zoom bombing is funny? Let's see how funny it is after you get arrested," stated Matthew Schneider, United States Attorney for Eastern Michigan in a Friday public statement.

It was just a matter of time once people began using Zoom more frequently to collaborate remotely, that their conversations would be hijacked in a phenomenon known as Zoom bombing. Zoom bombing is an emerging trend where attackers find publicly posted Zoom invite links, then join them to screenshare pornography or other inappropriate content, said Paul Bischoff, a privacy advocate with Comparitech, a pro-consumer website that provides information on tech services.

The Justice Department inspector general has found additional failures in the FBI's handling of a secretive surveillance program that came under scrutiny after the Russia investigation, identifying problems with dozens of applications for wiretaps in national security investigations. The new findings are on top of problems identified last year by the watchdog office, which concluded that the FBI had made significant errors and omissions in applications to eavesdrop on former Trump campaign adviser Carter Page during the early months of the Russia investigation.

The FBI has not followed internal rules when applying to spy on US citizens for at least five years, according to an extraordinary report [PDF] by the Department of Justice's inspector general. The failure to follow so-called Woods Procedures, designed to make sure the FBI's submissions for secret spying are correct, puts a question mark over more than 700 approved applications to intercept and log every phone call and email made by named individuals.

A malicious campaign is targeting organizations from a broad range of industries with a piece of malware known as Kwampirs, the Federal Bureau of Investigation warns. Initially detailed in 2018, the malware is a custom backdoor associated with a threat actor tracked as Orangeworm, which has been active since at least 2015, mainly targeting organizations in the healthcare sector, but also launching attacks on industries somewhat related to healthcare, including IT, manufacturing, and logistics.

The financially-motivated hacking group FIN7 has started mailing malicious USB devices to intended victims in an effort to infect their computers with malware, the FBI warns. Mainly targeting businesses via phishing emails, the cybercrime group appears to have changed tactics recently, and started sending malicious USB devices to victims via the United States Postal Service.

The FBI on Tuesday shut down Deer.io, a Russia-based platform catering to cybercrooks that offered turnkey online storefront design and hosting and a place where they could sell and advertise their wares, including ripped-off credentials, hacked servers, hacking services, gamer accounts and more. Up until the FBI jammed a stick in its spokes, the platform was doing brisk business, with sales exceeding $17 million, selling hacked accounts for video streaming services like Netflix and Hulu and social media platforms such as Facebook, Twitter and Vkontakte.