Tag: FBI

FBI warns of fake remote work ads used for cryptocurrency fraud
News

The FBI released a warning today about con artists who pose as recruiters for reputable companies and use fictitious remote job ads to steal cryptocurrency from job seekers around the country. These work-from-home scams aim to entice victims by offering simple tasks like "optimizing" a service or reviewing other businesses on the internet. According to the FBI, the scammers pose as reputable companies like staffing or recruiting agencies and may approach victims via an unsolicited call or message. The fraudulent job is designed with an ambiguous reward system, and the fraudster receives all payments made by victims who want to 'unlock' work or earn additional money through cryptocurrencies ...
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity
News

For the second time in less than a year, law enforcement agencies have taken official control of the notorious BreachForums website, an online marketplace known for selling stolen data. The website "breachforums[.]st" has been replaced with a seizure banner indicating that the U.S. Federal Bureau of Investigation (FBI) is in charge of the clearnet cybercrime forum. Authorities from Australia, Iceland, New Zealand, Switzerland, the U.K., the U.S., and Ukraine worked together on the operation. Additionally, the FBI has taken over the Telegram channel run by Baphomet, who took over as forum administrator when Conor Brian Fitzpatrick, better known as Pompompurin ...
CISA: Black Basta ransomware breached over 500 orgs worldwide
News

CISA and the FBI said today that between April 2022 and May 2024, affiliates of the Black Basta ransomware compromised over 500 businesses. The gang also encrypted and stole data from at least 12 out of 16 critical infrastructure sectors, according to a joint report released by the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). According to CISA, affiliates of Black Basta have attacked more than 500 private sector and critical infrastructure companies, including hospitals, across North America, Europe, and Australia. In April 2022, Black Basta became known as a ransomware-as-a-service (RaaS) operation. Since then, a number of well-known victims have been compromised by its affiliates ...
FBI warns of gift card fraud ring targeting retail companies
News

The FBI alerted American retail organizations that, since at least January 2024, a financially motivated hacking group has been using phishing attempts to target personnel in their gift card departments. Tracked as Storm-0539, this hacker organization uses a sophisticated phishing kit to get around multi-factor authentication on the personal and work mobile devices of retail department staff. Once an employee's account has been accessed, the attackers pivot towards compromised accounts associated with this particular portfolio and move laterally through the network, attempting to locate the gift card business process. Apart from stealing the login credentials of employees in the gift card department, their activities also involve obtaining secure shell (SSH) passw...
NSA and FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources
News

On Thursday, the U.S. government released a fresh cybersecurity advisory alerting readers to North Korean threat actors' attempts to send emails that appear to be from reliable and authentic sources. The Department of State, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) jointly released the bulletin. By obtaining unauthorized access to targets' private documents, research, and communications, the DPRK [Democratic People's Republic of Korea] uses these spear-phishing campaigns to gather intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests, according to the NSA. In particular, the method involves hiding social engineering attempts by making use of DNS Domain-based Message Authenticat...
FBI warns of fake verification schemes targeting dating app users
News

The FBI is alerting users to fraudulent verification schemes that are being pushed by con artists on dating apps and result in expensive monthly membership fees. In contrast to romance scams, which frequently incorporate investment fraud such as "pig butchering," the public service message clarifies that these verification schemes depend on the victim making repeated monthly payments. Additionally, the information victims provide during registration, such as their phone numbers, email addresses, complete names, and credit card details, is used for more harmful activities, like identity theft, or is sold on online marketplaces for cybercrime. Although the verification scheme is simple, it may be quite effective against unwary users due to the slow deception process ...
FBI: Androxgh0st malware botnet steals AWS and Microsoft credentials
News

Threat actors using the Androxgh0st malware are building a botnet aimed at stealing cloud credentials and exploiting the obtained data to distribute further malicious payloads, according to a warning issued today by CISA and the FBI. The botnet, which was first discovered by Lacework Labs in 2022, searches for websites and servers running versions of the PHPUnit unit testing framework, PHP web framework, and Apache web server that have remote code execution (RCE) vulnerabilities. CVE-2017-9841 (PHPUnit), CVE-2021-41773 (Apache HTTP Server), and CVE-2018-15133 (Laravel) are among the RCE weaknesses targeted by these attacks. The two agencies warned that Androxgh0st is a Python-scripted malware that is mainly used to target .env files that contain sensitive data ...
FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool
News

In addition to formally announcing the halt of the BlackCat ransomware campaign, the U.S. Justice Department (DoJ) has made available a decryption tool that over 500 impacted victims can use to unlock files that the malware has locked. In a case of hacking the hackers, court documents reveal that the U.S. Federal Bureau of Investigation (FBI) enlisted a confidential human source (CHS) to act as an affiliate for the BlackCat group and obtain access to a web panel used for managing the gang's victims. A number of law enforcement agencies from the United States, Germany, Denmark, Australia, the United Kingdom, Spain, Switzerland, and Austria collaborated and assisted ...
CISA, FBI urge admins to patch Atlassian Confluence immediately
News

Network administrators were alerted today by CISA, FBI, and MS-ISAC to patch their Atlassian Confluence servers right away to prevent attacks that actively take advantage of a maximum severity vulnerability. This major privilege escalation problem, tracked as CVE-2023-22515, affects Confluence Data Center and Server 8.0.0 and later. Low-complexity attacks that don't require user input can remotely exploit it. Atlassian urged users to update their Confluence instances as quickly as possible to one of the corrected versions (i.e., 8.3.3 or later, 8.4.3 or later, or 8.5.2 or later) when it provided security patches on October 4. This was because the flaw had already been exploited in the wild as a zero-day. It was advised for those who were unable to upgrade to either terminate the ...
FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million
News

The notorious Windows malware family QakBot, which is thought to have infected over 700,000 machines worldwide and enabled financial theft and ransomware, was brought down by a concerted law enforcement operation known as Operation Duck Hunt. The U.S. Justice Department (DoJ) said that the malware is "being deleted from victim computers, preventing it from doing any more harm," and that it also seized more than $8.6 million in cryptocurrencies in illegal gains. The cross-border exercise included France, Germany, Latvia, Romania, the Netherlands, the United Kingdom, and the United States, with technical support provided by the cybersecurity firm Zscaler ...