X-Industry

Several government security agencies worldwide are warning people about spyware that has been snooping on mobile phone users' private data. An advisory from the various agencies recently revealed that the spyware variants have been targeting users connected to Taiwanese independence and similar movements. Known as Badbazaar and Moonshine, the two spyware strains have been spoofing legitimate apps to trick unsuspecting victims. [1]

The advisory comes from a host of agencies, including the Austral

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint cyber security advisory on the growing threat of Ghost ransomware. A variation of this strain of malware called GhostSocks uses SOCKS5 to bypass anti-fraud mechanisms and geographic restrictions. First detected in 2021, this ransomware group has targeted organizations in over 70 countries, exploiting unpatched software, weak credentials, and outdated security configurations to infiltrate enterprise networ

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. “We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated,”

The FTC announced on 03 December 2024 that it had banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools. The FTC says Mobilewalla and Gravy Analytics unlawfully collected and sold location data collected from consumers, including data linked to their visits to places of worship and health-related locations.

Virginia-based Gravy Analy

Criminals are using text messaging, dating apps, social media, and email to perpetrate a form of financial fraud, most known as 'pig-butchering,' where victims are lured into fraudulent investment schemes. Meta has confirmed it has removed around 2 million scam accounts across its platforms since the beginning of 2024. “This year alone, we’ve taken down over two million accounts linked to scam centers in Myanmar, Laos, Cambodia, the United Arab Emirates, and the Philippines,” says Meta.
See: http

FortiGuard Labs gathers data on ransomware variants of interest that are gaining traction within its datasets and the OSINT community. The report below provides brief insights into the evolving ransomware landscape.

Interlock Ransomware Overview - Interlock is a new ransomware variant that was first publicly discovered in an available file-scanning site in early October 2024. This could indicate that the ransomware emerged as early as September. The Interlock ransomware comes in Windows and Free

The US Department of Justice (DoJ) has announced arrests and charges against several individuals and entities for allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action, codenamed Operation Token Mirrors, is the result of the US Federal Bureau of Investigation (FBI) taking the "unprecedented step" of creating its own cryptocurrency token and company, NexFundAI.

NexFundAI, as per information on the website, was marketed as redefining the "

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the US voter registration data has been compromised in cyber-attacks.  The two agencies note that malicious actors spread disinformation to manipulate public "opinion and undermine confidence in US democratic institutions."

According to public service awareness, the actors present publicly accessible data as evidence of the hacks.  "Malicious acto

The US Department of Justice (DOJ) announced on 04 September 2024 that it had seized 32 internet domains in a covert Russian government-sponsored foreign malign influence operation.  This operation, known as "Doppelganger," targeted audiences in the United States and other countries to influence the 2024 US Presidential Election and other political objectives.

The DOJ's action reveals the extent of Russia's ongoing efforts to interfere in foreign elections and spread disinformation.  The Russian

Almost everyone knows dating sites can be dangerous, and you need to be careful. But a nasty new threat plays on those fears, and by the time you realize it, it could be too late…..Don't make this mistake on your dating app.

Online dating can be dangerous; who is at the other end of all those flirty and exciting messages, and whose pictures have they chosen to share?  But now, a new FBI warning has taken something of a twist because the latest threat to dating app users plays on those fears that

Cybersecurity experts are warning that hospitals around the country are at risk for attacks like the one that is crippling operations at a premier Midwestern children’s hospital and that the US government is doing too little to prevent such breaches.  Hospitals in recent years have shifted their use of online technology to support everything from telehealth to medical devices to patient records.  Today, they are a favorite target for internet thieves who hold systems’ data and networks hostage f

A United States federal judge has sentenced Joshua Adam Schulte, a former CIA employee, to 40 years in prison for one of the most significant disclosures of classified information in US history.  Schulte worked as a software developer for the CIA's cyber operations division from 2012 to 2016, where he built hacking tools for intelligence gathering.  According to the US Department of Justice, an internal dispute in 2016 led to Schulte's administrator privileges being revoked.  He had secretly ope

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against US critical infrastructure in the event of a significant crisis or conflict with the United States.[1]

CISA, NSA, FBI and the following partners are releasing this advisory to warn criti

A recent article raised the question of whether North Korea was the perpetrator of the cyber-attacks against Sony Pictures in December 2014.  Despite the difficulties typically associated with such activities, the US Federal Bureau of Investigation (FBI) quickly attributed (25 days) the attacks to North Korea, even though an enigmatic group calling itself “Guardians of Peace” took responsibility.  Nevertheless, once the FBI official blamed North Korea, no one in the government appeared to questi

The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in numerous global geographical areas of interest for information-gathering activity.

The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515.  This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors to obtain initial access to Confluence instances by creating unauthoriz

The US Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023.  "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants were deployed in various combinations."

See:  https://www.ic3.gov/Media/News/2023/230928.pdf

Not much is

Advanced Persistent Threat (APT) actors have exploited known vulnerabilities in Zoho ManageEngine and Fortinet VPN products to hack an organization in the aeronautical sector, according to a joint report from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Cyber Command’s Cyber National Mission Force (CNMF).  Impacting more than 20 on-premises Zoho ManageEngine products, the first bug, tracked as CVE-2022-47966 (CVSS score of 9.8), allows remote attackers to execute

A criminal ransomware network connected to a cyber-attack inside numerous US hospitals has been taken down by the FBI, according to a US Department of Justice press release.  The attack hit over 200,000 computers across the US and cost hundreds of millions of dollars in damage.  The FBI called it a duck hunt taking down the hacking network called Qakbot.  “Qackbot is one of the most successful persistent and notorious botnets in the globe,” said US Attorney Martin Estrada. “Stopping cybercrime i

The US Federal Bureau of Investigation (FBI) warns that cyber crooks are masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users.  In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "exclusive" new NFT releases, often employing misleading advertising campaigns that create a sense of urgency to pull them off.

"Links provide