Security News
De Rose allegedly conspired with members of a gang known as The Community to defraud someone identified in court as "RM". He is currently contesting extradition to the US to stand trial on wire fraud, theft, and money laundering charges. De Rose's extradition hearing comes after the National Crime Agency arrested eight men aged between 18 and 26 back in February on suspicion of carrying out SIM-swap attacks targeted at US citizens.
An alert issued Monday by the Cybersecurity and Infrastructure Security Agency and the FBI urged organizations to be on guard for ransomware attacks that take advantage of worker downtime during Thanksgiving. Launching cyberattacks during a holiday or even a weekend is hardly a new strategy for criminals.
IPs are their faceless proxy army and if you want to get to the attackers, you need first to burn that IP army down. Most attacks leave traces in different systems, service or application logs that can give indications on the attacker's IPs and attack types.
The Cybersecurity and Infrastructure Security Agency and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season. The two federal agencies' warning was issued in the form of a joint advisory published Monday, "Based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting."
The Securities and Exchange Commission has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. The alert comes from SEC's Office of Investor Education and Advocacy, which regularly issues warnings to inform investors about the latest developments in investment frauds and scams.
There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return. Reports about these scams first appeared in March 2021, and by July, threat actors were abusing Google Ads to promote the fake sites on Google Search and increase their traffic.
US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.
US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.
The U.S. Department of State is offering a $10 million reward for information about the activities of two Iranian nationals charged for cyber activity intended to "Intimidate and influence" American voters during the 2020 U.S. presidential campaign. An indictment unsealed today by the Department of Justice alleges that between September and November 2020, 24-year old Seyyed Mohammad Hosein Musa Kazemi and 27-year old Sajjad Kashian obtained information of more than 100,000 U.S. voters and used it "Sow discord among Americans."
"FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware," CISA said. The Iranian state hackers focus their attacks on US critical infrastructure sectors and Australian organizations.