Joining allies from around the world, including every member nation of NATO, the United States formally accused China of hacking Microsoft.
The post The U.S. Finally Accuses China of Worldwide Hacking Attacks appeared first on Adam Levin.
Read More The U.S. Finally Accuses China of Worldwide Hacking Attacks
FireEye announced that Erin Joe has joined the company as Senior Vice President of Strategy and Alliances. In this role, Joe will be responsible for Mandiant strategy development and implementation, as well as key alliances in both the government and p…
Read More Erin Joe joins FireEye as SVP of Strategy and Alliances
The FBI has sounded an alert amongst owners of cryptocurrency, digital currency exchanges, and cryptocurrency payment platforms that their virtual riches are being actively targeted by malicious hackers.
Read more in my article on the Hot for Securi…
Read More FBI warns hackers are targeting cryptocurrency wallets and exchanges
Motherboard got its hands on one of those Anom phones that were really FBI honeypots.
The details are interesting.
Read More Analysis of the FBI’s Anom Phone
This situation is believed to be able to lead to significant financial losses. According to news publication BleepingComputer, the FBI issued the warning via a TLP: GREEN Private Industry Notification (PIN) that is designed to provide cybersecurity pro…
Read More FBI Warns of Cryptocurrency Attacks
Hundreds of small to medium-sized companies were hit by a record-breaking ransomware campaign over the Fourth of July weekend.
The post REvil Ransomware Campaign Compromises Hundreds of Businesses appeared first on Adam Levin.
Read More REvil Ransomware Campaign Compromises Hundreds of Businesses
Are you feeling generous? Do you want to help others? These cybercriminals are hoping someone is and does…
Read More Kaseya ransomware attackers say: “Pay $70 million and we’ll set everyone free”
Armorblox announced a strategic technology partnership with Intermedia to protect customers from advanced email attacks that target potentially vulnerable users. Armorblox technology powers AI Guardian, included with Intermedia Email Protection, to det…
Read More Armorblox collaborates with Intermedia to protect customers from advanced email attacks
It seems that law enforcement agencies have seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities. DoubleVPN is a Russian-based VPN servic…
Read More DoubleVPN Servers, Logs, and Account Info Seized by Law Enforcement Agencies
According to a newly-published report by the FBI’s Internet Crime Complaint Center (IC3), the elderly are more at risk from falling victim to online fraud and internet scammers than ever before.
Read more in my article on the Hot for Security blog.
Read More One billion dollars lost by over-60s through online fraud in 2020, says FBI
Despite the Director of the FBI, the US Attorney General and the White House warning firms against paying cyber-related ransoms, 60 percent of organizations have admitted they would shell out funds in the event of an attack, according to a research fro…
Read More Most organizations would pay in the event of a ransomware attack
A report from Tessian reveals that 56% of IT leaders believe their employees have picked up bad cybersecurity behaviors since working from home. As organizations make plans for the post-pandemic hybrid workforce, the report reveals how security behavio…
Read More Bad cybersecurity behaviors plaguing the remote workforce
The lucrative nature of ransomware has spawned supporting companies and organizations — on both sides of the law.
The post UPDATED: Ransomware-as-a-Service Gets a Service That’s Legit appeared first on Adam Levin.
Read More UPDATED: Ransomware-as-a-Service Gets a Service That’s Legit
For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything — I don’t even know if this qualifies as a backdoor. This week, the world’s police organizations announced 800 arrests based on text messages sent over the app. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat. This operation, code-named Trojan Shield, is the first time law enforcement managed an app from the beginning…
Read More FBI/AFP-Run Encrypted Phone
The Australian Federal Police (AFP) has revealed that it was able to decrypt and snoop on the private messages sent via a supposedly secure messaging app used by criminals… because the app was actually the brainchild of the FBI.
Read more in my arti…
Read More Criminal networks smashed after using “secure” chat app secretly run by cops
KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB’s website said in order to contact them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware.
The reason I contacted the FSB — one of the successor agencies to the Russian KGB — ironically enough had to do with security concerns raised about the FSB’s own preferred method of being contacted.
Read More Adventures in Contacting the Russian FSB
If your password gets stolen as part of a data breach, you’ll probably be told. But what if your password gets pwned some other way?
Read More “Have I Been Pwned” breach site partners with… the FBI!
One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true.
Read More How to Tell a Job Offer from an ID Theft Trap
In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.
Read More Try This One Weird Trick Russian Hackers Hate
So, what do you do if you’re a ransomware gang which has just caught the attention of not just the world’s media, but also the FBI and the President of the United States?
Read More The DarkSide ransomware gang must be shitting itself right now
BIO-key International introduced its new mobile app, BIO-key MobileAuth with PalmPositive, the latest among over sixteen strong authentication factors available for BIO-key’s PortalGuard Identity-as-a-Service (IDaaS) platform. MobileAuth’s fast, t…
Read More BIO-key releases MobileAuth, a touchless biometric authentication app
The UK and US cybersecurity agencies have published a report detailing techniques used by the Russia-linked cyberespionage group known as APT29 (aka Cozy Bear). Today, the UK NCSC and the CISA-FBI-NSA cybersecurity agencies published a joint security advisory that warns organizations to patch systems immediately to mitigate the risk of attacks conducted by the Russia-linked SVR group (aka APT29, Cozy Bear, and The Dukes). The […]
The post Russia-linked APT29 group changes TTPs following April advisories appeared first on Security Affairs.
Read More Russia-linked APT29 group changes TTPs following April advisories
The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of people’s bitcoins up so that it was hard to figure out where any individual coins came from. It ran for ten years.
Identifying the person behind Bitcoin Fog serves as an illustrative example of how hard it is to be anonymous online in the face of a competent police investigation:
Read More Identifying the Person Behind Bitcoin Fog
Most remarkable, however, is the IRS’s account of tracking down Sterlingov using the very same sort of blockchain analysis that his own service was meant to defeat. The complaint outlines how Sterlingov allegedly paid for the server hosting of Bitcoin Fog at one point in 2011 using the now-defunct digital currency Liberty Reserve. It goes on to show the blockchain evidence that identifies Sterlingov’s purchase of that Liberty Reserve currency with bitcoins: He first exchanged euros for the bitcoins on the early cryptocurrency exchange Mt. Gox, then moved those bitcoins through several subsequent addresses, and finally traded them on another currency exchange for the Liberty Reserve funds he’d use to set up Bitcoin Fog’s domain…
Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.
Read More Task Force Seeks to Disrupt Ransomware Payments
Latest video – watch now! We look at the recent FBI “webshell hacking” controversy from both sides.
Read More Naked Security Live – To hack or not to hack?
The Washington Post has published a long story on the unlocking of the San Bernardino Terrorist’s iPhone 5C in 2016. We all thought it was an Israeli company called Cellebrite. It was actually an Australian company called Azimuth Security.
Read More Details on the Unlocking of the San Bernardino Terrorist’s iPhone
Azimuth specialized in finding significant vulnerabilities. Dowd, a former IBM X-Force researcher whom one peer called “the Mozart of exploit design,” had found one in open-source code from Mozilla that Apple used to permit accessories to be plugged into an iPhone’s lightning port, according to the person…
On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.
Read More Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?
US justice department says bureau hacked devices to remove malware from insecure software
The FBI has been hacking into the computers of US companies running insecure versions of Microsoft software in order to fix them, the US Department of Justice has …
Read More FBI hacks vulnerable US computers to fix malicious malware
The Federal Bureau of Investigation (FBI) has issued a warning about the risks of telephony denial-of-service (TDoS) attacks on call centers. The United States’ Federal Bureau of Investigation (FBI) is warning of the consequences of telephony denial-of-service (TDoS) attacks on call centers, which in some cases could threaten people’s lives. TDoS attacks could render telephone systems unavailable […]
The post FBI warns of the consequences of telephony denial-of-service (TDoS) attacks appeared first on Security Affairs.
Read More FBI warns of the consequences of telephony denial-of-service (TDoS) attacks
The FBI is hoping that its hunt for Capitol rioters will go viral, a cryptocurrency con lets its perpetrator live the high life… for a while, and just what does Facebook have against cows and a team of cricketers?
All this and much more is discuss…
Read More Smashing Security podcast #215: Sexy cows banned on Facebook
The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted theft of more than $1.2 billion from banks and other victims worldwide.
Read More U.S. Indicts North Korean Hackers in Theft of $200 Million
The FBI is warning companies about the use of out-of-date Windows 7 systems, the desktop sharing software TeamViewer, and weak account passwords. The FBI issued this week a Private Industry Notification (PIN) alert to warn companies about the risks of using out-of-date Windows 7 systems, poor account passwords, and the desktop sharing software TeamViewer. The alert comes […]
The post FBI’s alert warns about using Windows 7 and TeamViewer appeared first on Security Affairs.
Read More FBI’s alert warns about using Windows 7 and TeamViewer
Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. The documents revealed that encrypted messages can be intercepted from […]
The post Court documents show FBI could use a tool to access private Signal messages on iPhones appeared first on Security Affairs.
Read More Court documents show FBI could use a tool to access private Signal messages on iPhones
Bloomberg News has a major story about the Chinese hacking of computer motherboards made by Supermicro, Lenovo, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret:
Read More Chinese Supply-Chain Attack on Computer Systems
China’s exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter. That included an FBI counterintelligence investigation that began around 2012, when agents started monitoring the communications of a small group of Supermicro workers, using warrants obtained under the …
At the same time the Russians were using a backdoored SolarWinds update to attack networks worldwide, another threat actor — believed to be Chinese in origin — was using an already existing vulnerability in Orion to penetrate networks:
Read More Another SolarWinds Orion Hack
Two people briefed on the case said FBI investigators recently found that the National Finance Center, a federal payroll agency inside the U.S. Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised.
Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation. The sources, who spoke on condition of anonymity to discuss ongoing investigations, said the attackers used computer infrastructure and hacking tools previously deployed by state-backed Chinese cyberspies…
Parler, the beleaguered social network advertised as a “free speech” alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from their stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home in DDoS-Guard, a Russian digital infrastructure company. But now it appears DDoS-Guard is about to be relieved of more than two-thirds of the Internet address space the company leases to clients — including the Internet addresses currently occupied by Parler.
Read More DDoS-Guard To Forfeit Internet Space Occupied by Parler