FBI TLP Alert

SUMMARY Note: This advisory is the second product in a series on North Korea’s targeting of COVID-19 research and a follow-up to Joint CSA AA20-303A: North Korean Cyber Actors Targeting Vaccine and Virology Organizations (TLP:AMBER), which was originally released on 29 October 2020 through…
This Joint Cybersecurity Advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the United Kingdom (UK) National Cyber Security Centre (NCSC).
Daily Recap of major Headlines, the “Good Stuff”, US Snapshots, US Vaccinations, US Variant Cases, key Highlights, as well as key Statistics, Vaccine and Treatment information, US Restrictions and the Back to Normal Index related to the novel coronavirus pandemic.
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental organizations (NGOs).
Summary The FBI is continuing to warn about Advanced Persistent Threat (APT) actors exploiting Fortinet vulnerabilities. As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government. The APT…
This FBI alert addresses the ‘Conti’ ransomware threat to hospitals, health systems and other critical infrastructure.
Darkside is a ransomware-as-a-service (RaaS) variant, in which criminal affiliates conduct the attacks and the proceeds are shared with the ransomware developer(s). Darkside has impacted numerous organizations across various sectors including manufacturing, legal, insurance, healthcare, and energy.
On 13 April 2021, the Federal Bureau of Investigation (FBI) conducted a court-authorized operation to remove hundreds of malicious web shells from vulnerable servers in the United States in response to the widespread exploitation of critical Microsoft Exchange Server (MES) vulnerabilities by…
In March 2021 the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) observed Advanced Persistent Threat (APT) actors scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379, and enumerated devices for CVE-2020-12812 and CVE-2019-5591.…
On 14 April 2020, the Nemty ransomware actors announced a shutdown of Nemty’s Ransomware-as-a-Service operations. At the same time, Nefilim, which first appeared in March 2020, launched a public leaking website called corpleaks.net.