Security News
A recently discovered botnet is attacking unpatched AT&T enterprise network edge devices using exploits for a four-year-old critical severity Blind Command Injection security flaw. The botnet, dubbed EwDoor by researchers at Qihoo 360's Network Security Research Lab, targets AT&T customers using EdgeMarc Enterprise Session Border Controller edge devices.
The US Dept of Commerce's Bureau of Industry and Security has added 27 companies to its list of entities prohibited from doing business with the USA on grounds they threaten national security - and one of the firms is associated with HPE's Chinese joint venture H3C. A preliminary announcement [PDF] of the bans lists a company named New H3C Semiconductor Technologies Co., Ltd on the grounds of its "Support of the military modernization of the People's Liberation Army.". The addresses given by Uncle Sam for this semiconductor business matches those listed on the website of H3C, the Chinese company formed as a joint venture between HPE and Tsinghua Unigroup to build networking products.
The US Securities and Exchange Commission has issued numerous warnings over the years about fraudsters attempting to adopt the identity of SEC officials, including by phone call spoofing. Call spoofing is where a scammer calls you up on your landline or mobile phone, claims to be from organisation X, and then reassures you by saying, "If you don't believe me, check the number I'm calling from."
De Rose allegedly conspired with members of a gang known as The Community to defraud someone identified in court as "RM". He is currently contesting extradition to the US to stand trial on wire fraud, theft, and money laundering charges. De Rose's extradition hearing comes after the National Crime Agency arrested eight men aged between 18 and 26 back in February on suspicion of carrying out SIM-swap attacks targeted at US citizens.
An alert issued Monday by the Cybersecurity and Infrastructure Security Agency and the FBI urged organizations to be on guard for ransomware attacks that take advantage of worker downtime during Thanksgiving. Launching cyberattacks during a holiday or even a weekend is hardly a new strategy for criminals.
IPs are their faceless proxy army and if you want to get to the attackers, you need first to burn that IP army down. Most attacks leave traces in different systems, service or application logs that can give indications on the attacker's IPs and attack types.
The Cybersecurity and Infrastructure Security Agency and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season. The two federal agencies' warning was issued in the form of a joint advisory published Monday, "Based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting."
The Securities and Exchange Commission has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. The alert comes from SEC's Office of Investor Education and Advocacy, which regularly issues warnings to inform investors about the latest developments in investment frauds and scams.
There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return. Reports about these scams first appeared in March 2021, and by July, threat actors were abusing Google Ads to promote the fake sites on Google Search and increase their traffic.
US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. Banks are only required to report major cyberattacks if they have or will likely impact their operations, the ability to deliver banking products and services, or the US financial sector's stability.