Cybersecurity News
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware
10/18/2021
Since July 2021, BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations.
Ongoing Cyber Threats to U.S. Water and Wastewater Systems
10/14/2021
This joint advisory, the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA, highlights ongoing malicious cyber activity targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities.
Ransomware, Vendor Breaches Spike on Federal Tally
09/28/2021
Hacking incidents - especially those involving ransomware attacks and vendors - continue to rack up the largest victim counts in breaches being posted in recent weeks to the federal health data breach tally.
Wide-ranging BEC scam underscores dangers of doing business with (un)trusted suppliers
09/27/2021
Federal prosecutors in Virginia are charging four individuals for a wide-ranging scheme to defraud businesses, first by hacking into their email or networks and then impersonating trusted third-party vendors in order to collect on unpaid bills.
Scammers Defraud Victims of Millions of Dollars in New Trend in Romance Scams
09/16/2021
The FBI warns of a rising trend in which scammers are defrauding victims via online romance scams, persuading individuals to send money to allegedly invest or trade cryptocurrency.
FACT SHEET: Biden Administration and Private Sector Leaders Announce Ambitious Initiatives to Bolster the Nation’s Cybersecurity
08/25/2021
Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families. Compounding the challenge, nearly half a million public and private cybersecurity jobs remain unfilled.
T-Mobile Probes Attack, Confirms Systems Were Breached
08/17/2021
A seller in an online forum claims that 100 million personal records, of which 36 million are unique, were taken from T-Mobile's Systems. Part of the data, which consists of 30 million Social Security and driver's license numbers, was put up for sale on the online forum for six bitcoins, worth about $286,000
State, Local Governments Highlight Cybersecurity Funding Needs
06/18/2021
State, local and county governments officials testified that they need continually renewed, flexible funding to fend off increasing cyber threats during a U.S. Senate hearing yesterday.
JBS paid $11M in Bitcoin to resolve ransomware attack
06/10/2021
One of the biggest meat producers in the US paid $11 million to cybercriminals responsible for a ransomware attack that temporarily knocked out processing plants last week. The cyberattack forced the meat producer to shut down some plants, prompting concerns about possible meat shortages.
$2.3 Million of Colonial Pipeline Ransom Payment Recovered
06/07/2021
The U.S. Justice Department on Monday reported it recouped $2.3 million of the $4.4 million ransom Colonial Pipeline Co. paid following a May 7 DarkSide ransomware attack.
CNA Financial Paid $40 Million in Ransom After March Cyberattack
05/20/2021
The Chicago-based company paid the hackers about two weeks after a trove of company data was stolen. CNA officials were locked out of their network, according to two people familiar with the attack who asked not to be named because they weren’t authorized to discuss the matter publicly.
Executive Order on Improving the Nation’s Cybersecurity
05/12/2021
The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.
The Cybersecurity 202: A group of industry, government and cyber experts have a big plan to disrupt the ransomware crisis
04/29/2021
A task force of more than 60 experts from industry, government, nonprofits and academia is urging the U.S. government and global allies to take immediate steps to stem a growing global crisis of cyberattacks in which hackers seize computer systems and data in exchange for a ransom.
The group, which issued a report today, says swift, coordinated action can disrupt and deter the growing threat of cyberattacks that use ransomware, a malicious software that locks up computer systems so that criminals can demand ransom in exchange for access.
Hackers Exploit Exchange Flaws to Target Local Governments
03/05/2021
Hackers have targeted units of local government in the U.S. by attempting to exploit unpatched vulnerabilities in Microsoft Exchange email servers, according to a new report by the security firm FireEye.
Joint NSA and CISA Guidance on Strengthening Cyber Defense Through Protective DNS
03/04/2021
The National Security Agency (NSA) and CISA have released a Joint Cybersecurity Information (CSI) sheet with guidance on selecting a protective Domain Name System (PDNS) service as a key defense against malicious cyber activity. Protective DNS can greatly reduce the effectiveness of ransomware, phishing, botnet, and malware campaigns by blocking known-malicious domains. Additionally organizations can use DNS query logs for incident response and threat hunting activities.
Mitigate Microsoft Exchange Server Vulnerabilities
03/03/2021
Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products.
'Cuba Ransomware' attack disrupts payment provider used by state and local agencies
02/19/2021
The company known as Automatic Funds Transfer Services was hit by a ransomware attack around Feb. 3 when a group called “Cuba Ransomware” began stealing the company’s credentials and unencrypted files.
AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
02/17/2021
On February 17, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Treasury (Treasury) issued a Joint Cybersecurity Alert (CSA) and seven Malware Analysis Reports (MAR) on the malware variant known as APPLEJEUS. APPLEJEUS has been used by Lazarus Group, a North Korean-sponsored Advanced Persistent Threat (APT) actor.
Compromise of U.S. Water Treatment Facility
02/12/2021
Several sets of access credentials for the Oldsmar, Florida, water treatment plant system were found in a batch of data posted online shortly before the breach. A joint alert issued by the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center provides an overview of the incident and suggests mitigations.
IRS, Summit partners issue urgent EFIN scam alert to tax professionals
02/10/2021
The Internal Revenue Service, state tax agencies and tax industry today warned tax professionals of a new scam email that impersonates the IRS and attempts to steal Electronic Filing Identification Numbers (EFINs).
This phishing scam left thousands of stolen passwords exposed through Google search
01/21/2021
Operators of a phishing campaign targeting the construction and energy sectors exposed credentials stolen in attacks that were publicly viewable with a simple Google search.
JOINT STATEMENT BY THE FEDERAL BUREAU OF INVESTIGATION (FBI), THE CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA), THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI), AND THE NATIONAL SECURITY AGENCY (NSA)
01/05/2021
The National Security Council staff has stood up a task force construct known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, to coordinate the investigation and remediation of this significant cyber incident involving federal government networks. The UCG is still working to understand the scope of the incident but has the following updates on its investigative and mitigation efforts.
Suspected Russian hackers spied on U.S. Treasury emails - sources
12/13/2020
Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, according to people familiar with the matter, adding they feared the hacks uncovered so far may be the tip of the iceberg.
Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
12/10/2020
Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.
Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems
10/22/2020
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that Iranian advanced persistent threat (APT) actors are likely intent on influencing and interfering with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process.
Barnes & Noble confirms cyberattack, suspected customer data breach
10/15/2020
Barnes & Noble has confirmed a cyberattack impacting Nook services and potentially exposing customer data.
Container shipping group CMA CGM resumes online services after cyber attack
10/12/2020
LONDON (Reuters) - CMA CGM, the world’s fourth-largest container shipping group, said it has restored its online business services after a cyber attack last month paralysed activity.
Potential for China Cyber Response to Heightened U.S.–China Tensions
10/01/2020
In light of heightened tensions between the United States and China, the Cybersecurity and Infrastructure Security Agency (CISA) is providing specific Chinese government and affiliated cyber threat actor tactics, techniques, and procedures (TTPs) and recommended mitigations to the cybersecurity community to...
FBI Warns Voters About Election Crimes Ahead of the November 2020 Election
09/24/2020
Fair elections are the foundation of our democracy in the United States, and the FBI is committed to protecting the rights of all Americans to vote. The FBI is issuing this warning to educate voters about federal election crimes and how to avoid them, and to encourage voters to report suspected violations.
City of Hartford postpones first day of school after ransomware attack
09/08/2020
According to a statement published by Hartford Public Schools, the school district serving the city of Hartford, the ransomware attack impacted several of the school's internal IT systems, causing a prolonged outage.
