FBI Opens a Case on Chinese Activity ‘Every 10 Hours,’ Intel Chiefs Say

The threat from China, multi-faceted and severe, is foremost in a pack that includes Russian actions in Ukraine, Iranian nuclear efforts, and North Korea’s existing nukes, U.S. intelligence leaders told the Senate Intelligence Committee on Wednesday.

“We have now over 2,000 investigations that tie back to the Chinese government,” FBI Director Chris Wray said at the hearing. “On the economic espionage side alone, it’s a 1,300 percent increase over the last several years. We’re opening a new investigation on China every ten hours and I assure the committee it’s not because our folks don’t have anything to do with their time.”

Continue reading “FBI Opens a Case on Chinese Activity…”

A Ransomware Gang is Now Shorting Stock Price of its Victims

source: cyware.com

 

Darkside ransomware operators have changed their extortion tactics and are now targeting organizations listed on NASDAQ or other stock markets. They believe that the negative impact of having a traded organization’s name listed on their website would cause its stock price to fall, and the attackers are trying to make a profit out of this.

What is happening?

In a recent message on their dark web portal, the operators stated that they are willing to inform crooked stock traders in advance.

Russian foreign intelligence service exploiting five publicly known vulnerabilities to compromise U.S. and allied networks

source: securitymagazine.com

The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released a Cybersecurity Advisory, “Russian SVR Targets U.S. and Allied Networks,” to expose ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities. This advisory is being released alongside the U.S. government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them.  

Continue reading “Russian Foreign Intelligence Service Exploiting U.S. Vulnerabilities”

source: wired.com

Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6.

WHEN HACKERS EXPLOITED a bug in Parler to download all of the right-wing social media platform’s contents last week, they were surprised to find that many of the pictures and videos contained geolocation metadata revealing exactly how many of the site’s users had taken part in the invasion of the US Capitol building just days before. But the videos uploaded to Parler also contain an equally sensitive bounty of data sitting in plain sight: thousands of images of unmasked faces, many of whom participated in the Capitol riot. Now one website has done the work of cataloging and publishing every one of those faces in a single, easy-to-browse lineup.

Late last week, a website called Faces of the Riot appeared online, showing nothing but a vast grid of more than 6,000 images of faces, each one tagged only with a string of characters associated with the Parler video in which it appeared. The site’s creator tells WIRED that he used simple open source machine learning and facial recognition software to detect, extract, and deduplicate every face from the 827 videos that were posted to Parler from inside and outside the Capitol building on January 6, the day when radicalized Trump supporters stormed the building in a riot that resulted in five people’s deaths. The creator of Faces of the Riot says his goal is to allow anyone to easily sort through the faces pulled from those videos to identify someone they may know or recognize who took part in the mob, or even to reference the collected faces against FBI wanted posters and send a tip to law enforcement if they spot someone. Continue reading “This Site Published Every Face From Parler’s Capitol Riot Videos”

 

Child Tweets Gibberish from U.S. Nuke Account

source: threatpost.com

 

Telecommuting social-media manager for the U.S. Strategic Command left the laptop open and unsecured while stepping away.

A nonsense tweet sent out from the official account of U.S. Strategic Command is no reason for alarm, according to the department. The social media manager’s kid found an open laptop, pounded on a few random keys and sent the tweet, which read, “;l;;gmlxzssaw” last Sunday.

The tweets were met with alarm since @USSTRATCOM controls the launch codes for the country’s nuclear arsenal. Mikael Thalen, a reporter with the Daily Dot, decided to file a Freedom of Information Act (FOIA) request to get answers.

“Filed a FOIA request with U.S. Strategic Command to see if I could learn anything about their gibberish tweet yesterday,” Thalen wrote. “Turns out their Twitter manager left his computer unattended, resulting in his ‘very young child’ commandeering the keyboard.”

USSTRATCOM stressed, according to Thalen, the post was not the result of a breach.

Continue reading “Child Tweets Gibberish from U.S. Nuke Account”

source: cbsnews.com

What is an NFT? The Trendy Blockchain Technology Explained

n early March, a tech company bought a piece of art worth $95,000. Then the executives lit it on fire. At the end of the spectacle, which was shared live on the internet, the group unveiled a copy of the art, this time in digital form. The creation, by elusive British artist Banksy, was called “Morons (White).”

As for the digital format, it’s getting more hype than the painting and the burning put together. It’s a rising type of technology called a non-fungible token, or NFT. Think of an NFT as a unique proof of ownership over something you can’t usually hold in your hand — a piece of digital art, a digital coupon, maybe a video clip. Like the digital art itself, you can’t really hold an NFT in your hand, either — it’s a one-of-a-kind piece of code, stored and protected on a shared public exchange. 

Continue reading “What is an NFT? The Trendy Blockchain Technology Explained”

Young Adults, Seniors Over 75 Most Susceptible to Cyber Fraud: Report

source: technewsworld.com

The most vulnerable cybercrime victims are young adults and adults over 75, according to the latest research revealed in the LexisNexis Risk Solutions biannual Cybercrime Report.

Released Feb. 23, the report tracks global cybercrime activity from July 2020 through December 2020. The report reveals how unprecedented global change in 2020 created new opportunities for cybercriminals around the world, particularly as they targeted new users of online channels.

LexisNexis’ research found a 29 percent growth in global transaction volume compared to the second half of 2019. This growth came in the financial services (29 percent), e-commerce (38 percent) and media (9 percent) sectors. The number of human-initiated attacks dropped in 2020 by roughly 184 million, while the number of bot attacks grew by 100 million.

Continue reading “Young Adults, Seniors Over 75 Most Susceptible to Cyber Fraud: Report”

Maza Russian Cybercriminal Forum Suffers Data Breach

source: zdnet.com


The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information. 

On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003. 

Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected to carding — the trafficking of stolen financial data and payment card information — and the discussion of topics including malware, exploits, spam, money laundering, and more. 

Once the forum was compromised, the attackers who took the forum over posted a warning message claiming “Your data has been leaked / This forum has been hacked.”

Continue reading “Maza Russian Cybercriminal Forum Suffers Data Breach”

What you cannot see you cannot secure: Shining a light on cybersecurity threats in a work-from-home environment

source: securitymagazine.com

A quick “work from home new normal” search on Google will return results somewhere in the ballpark of 2 billion. On the other hand, searches for “cybersecurity risks work from home” result in far less—around 32 million. While that may seem like a lot of coverage on any scale, it reflects the chasm between what we focus on and what we understand about this new environment as we begin 2021.

By now, most companies recognize there is no turning back the hands of time to the way it was before the pandemic. The digital transformation is not just upon us but part of life moving forward. That’s likely to mean digital or hybrid workforces, digital currency and digital content, all of which can be hacked, causing significant damage to enterprises and employees alike. And while cybersecurity has been a concern for as long as the Internet became a staple of life, the difference now is that instead of organizations considering a strong culture of cybersecurity “nice to have,” it is a necessity—regardless of where workers are located.

Continue reading “What You Cannot See You Cannot Secure”

How Email Attacks are Evolving in 2021

source:  threatpost.com


The money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.

Hundreds of thousands of dollars lost. Financial and emotional ruin. And in some cases, suicide. These are some of the outcomes business email compromise (BEC) attacks have on victims, said Ronnie Tokazowski, senior threat researcher with Agari.

These type of attacks don’t garner the same attention as high-profile hacks, he said. Why? Because BEC attacks are simple – yet potent. Instead of having to develop malware or complex attack chains, all attackers need to do is send an email – usually mimicking a coworker’s email account or using a compromised account –  and con victims to wire transfer money, for example. But the fallout from these types of attacks are devastating.

Continue reading “How Email Attacks are Evolving in 2021”