Security News

The FBI warns that cybercriminals are using spoofed emails and phone numbers to target plastic surgery offices across the United States for extortion in phishing attacks that spread malware. "Cybercriminals use open-source information, to include social media, and social engineering techniques to enhance the harvested ePHI data of plastic surgery patients," the FBI said.

CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks. On October 4, when it released security updates, Atlassian advised customers to upgrade their Confluence instances as soon as possible to one of the fixed versions as the bug was already exploited in the wild as a zero-day.

The AvosLocker ransomware gang has been linked to attacks against critical infrastructure sectors in the U.S., with some of them detected as recently as May 2023. That's according to a new joint...

The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell, and batch scripts. AvosLocker ransomware affiliates are known to use legitimate software and open-source code for remote system administration to compromise and exfiltrate data from enterprise networks.

The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States. "This Phantom Hacker scam is an evolution of more general tech support scams, layering imposter tech support, financial institution, and government personas to enhance the trust victims place in the scammers and identify the most lucrative accounts to target," the FBI said.

The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors...

The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days. Variants used in these dual ransomware attacks include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.

After more than 15 years in the wild, the Qakbot botnet, a zombie network of over 700,000 computers worldwide, is hanging on the FBI's trophy wall for now. A multinational action called Operation "Duck Hunt" - led by the FBI, the Department of Justice, the National Cybersecurity Alliance, Europol, and crime officials in France, Germany, the Netherlands, Romania, Latvia and the U.K. - was able to gain access to the Qakbot network and shut down the malicious botnet, which has affected 700,000 computers worldwide.

A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware. QakBot administrators are said to have received fees corresponding to approximately $58 million in ransoms paid by victims between October 2021 and April 2023.

The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized infrastructure but also uninstalled the malware from infected devices. Before we learn how the FBI uninstalled Qakbot from computers, it is essential to understand how the malware was distributed, what malicious behavior it performed, and who utilized it.