Insights

FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure

Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) cyber actors, both during and succeeding their…

Read More

Learning, Sharing, and Exploring with NIST’s New Human-Centered Cybersecurity Community of Interest

Human-centered cybersecurity (also known as ‘usable security’) involves the social, organizational, and technological influences on people’s understanding of and interactions with cybersecurity. By taking a human-centered cybersecurity (HCC) approach, we can both improve people’s cybersecurity experiences and achieve better cybersecurity outcomes, which is so important in today’s digitally interconnected world.  At NIST, we understand the value of making connections, listening, and interactivity. We also understand that researchers and practitioners want to hear directly from each…

Read More

Sextortion Scams Now Include Photos of Your Home

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing. This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted…

Read More

Owners of 1-Time Passcode Theft Service Plead Guilty

Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in November 2019, OTP Agency was a service for intercepting one-time passcodes needed to log in to various websites. Scammers who had already stolen someone’s bank account credentials could enter the target’s phone number and name,…

Read More

CISA and Partners Release Advisory on RansomHub Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS)—released a joint Cybersecurity Advisory, #StopRansomware: RansomHub Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with RansomHub activity identified through FBI investigations and third-party reporting as recently as August 2024. RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—which has…

Read More

When Get-Out-The-Vote Efforts Look Like Phishing

Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign. Image: WDIV Detroit on Youtube. On Aug. 27, the local…

Read More

CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3)—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations. This joint advisory warns of cyber actors, known in the private sector as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm, targeting and exploiting U.S. and foreign organizations across multiple sectors in the U.S.  FBI investigations conducted as recently as August 2024 assess that cyber actors like…

Read More

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China. Image: Shutterstock.com Versa Director systems are primarily used by Internet service…

Read More

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-39717

Versa Networks has released an advisory for a vulnerability (CVE-2024-39717) in Versa Director, a key component in managing SD-WAN networks, used by some Internet Service Providers (ISPs) and Managed Service Providers (MSPs). A cyber threat actor could exploit this vulnerability to take control of an affected system.  CISA urges organizations to apply necessary updates, hunt for any malicious activity, report any positive findings to CISA, and review the following for more information:  Versa Security Bulletin:…

Read More

Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register. Here’s a look at one security researcher’s efforts to map and shrink the size…

Read More