Threats

Note: Most of my RSS feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.

Department of State

The Department of State has several threat RSS feeds, but they aren’t always up.

DHS

Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.

National Terrorism Advisory System (NTAS) Alerts

    Feed has no items.

Cybersecurity

  • AA19-339A: Dridex Malware
    by CISA on December 5, 2019 at 2:13 pm

    Original release date: December 5, 2019. Summary: This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) are providing this report to inform the sector about the Dridex malware and variants. The report provides an overview of the malware, related activity, and a list of previously unreported indicators of compromise derived from information reported to FinCEN by private sector financial institutions. Because actors using Dridex malware and its derivatives continue to target the financial services sector, including financial institutions and customers, the techniques, tactics, and procedures contained in this report warrant renewed attention. Treasury and CISA encourage network […]

  • AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2
    by CISA on October 17, 2019 at 4:36 pm

    Original release date: October 17, 2019 | Last revised: October 18, 2019. Summary: Note: This alert does not apply to federally certified voting systems running Windows 7. Microsoft will continue to provide free security updates to those systems through the 2020 election. See Microsoft’s article, Extending free Windows 7 security updates to voting systems, for more information. On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.[1] After this date, these products will no longer receive free technical support, or software and security updates. Organizations that have regulatory obligations may find that they are unable to satisfy compliance requirements while running Windows 7 and Windows Server 2008 R2. Technical Details: All software products have a lifecycle. “End of support” refers to the date when the software vendor will no longer provide automatic fixes, updates, or online technical assistance. […]

  • AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
    by CISA on June 17, 2019 at 1:37 pm

    Original release date: June 17, 2019. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions: Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2. An attacker can exploit this vulnerability to take control of an affected system. Technical Details: BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system. According to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled.[1] After successfully sending the […]

  • AA19-122A: New Exploits for Unsecure SAP Systems
    by CISA on May 2, 2019 at 10:54 pm

    Original release date: May 2, 2019 | Last revised: May 3, 2019. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [1] Technical Details: A presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit tools, termed “10KBLAZE.” The presentation details the new exploit tools and reports on systems exposed to the internet. SAP Gateway ACL: The SAP Gateway allows non-SAP applications to communicate with SAP applications. If SAP Gateway access control lists (ACLs) are not configured properly (e.g., gw/acl_mode = […]

  • AA19-024A: DNS Infrastructure Hijacking Campaign
    by CISA on January 24, 2019 at 8:01 pm

    Original release date: January 24, 2019 | Last revised: February 13, 2019. Summary: The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks. See the following links for downloadable copies of open-source indicators of compromise (IOCs) from the sources listed in the References section below: IOCs (.csv), IOCs (.stix). Note: these files were last updated February 13, 2019, to remove the following three non-malicious IP addresses: 107.161.23.204, 192.161.187.200, 209.141.38.71. Technical […]

  • AA18-337A: SamSam Ransomware
    by CISA on December 3, 2018 at 4:18 pm

    Original release date: December 3, 2018. Summary: The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation. The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms. The actors exploit […]

  • TA18-331A: 3ve – Major Online Ad Fraud Operation
    by CISA on November 27, 2018 at 5:09 pm

    Original release date: November 27, 2018. Systems Affected: Microsoft Windows. Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses globally, when sampled over a 10-day window. Description: Online advertisers desire premium websites on which to publish their ads and large numbers of visitors to view those ads. 3ve created fake versions of both (websites and visitors), and funneled the advertising revenue to cyber criminals. 3ve obtained control over 1.7 million unique IPs by leveraging victim computers infected with Boaxxe/Miuref and Kovter malware, as well as Border Gateway Protocol-hijacked IP […]

  • AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
    by CISA on October 11, 2018 at 3:19 pm

    Original release date: October 11, 2018. Summary: This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are: Remote Access Trojan: JBiFrost; Webshell: China Chopper; Credential Stealer: Mimikatz; Lateral Movement Framework: PowerShell Empire; C2 Obfuscation and Exfiltration: HUC Packet Transmitter. To aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network. The individual tools we cover in this report are limited examples of the types of tools used by threat actors. You should not consider this an exhaustive list when planning your network defense. Tools and techniques for exploiting networks and the […]

  • TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers
    by CISA on October 3, 2018 at 11:47 am

    Original release date: October 3, 2018. Systems Affected: Network Systems. Overview: The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing. This Technical Alert (TA) provides information and guidance to assist MSP customer network and system administrators with the detection of malicious activity on their networks and systems and the mitigation of associated risks. This TA includes an overview of TTPs used by APT actors in MSP network environments, recommended mitigation techniques, and information on […]

  • TA18-276A: Using Rigorous Credential Control to Mitigate Trusted Network Exploitation
    by CISA on October 3, 2018 at 11:00 am

    Original release date: October 3, 2018. Systems Affected: Network Systems. Overview: This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credentials by Advanced Persistent Threat (APT) actors. It identifies APT actors' tactics, techniques, and procedures (TTPs) and describes the best practices that could be employed to mitigate each of them. The mitigations for each TTP are arranged according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework core functions of Protect, Detect, Respond, and Recover. Description: APT actors are using multiple mechanisms to acquire legitimate user credentials to exploit trusted network relationships in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Suggested best practices for administrators to mitigate this threat include auditing credentials, remote-access logs, and controlling privileged access […]

DOJ and FBI

Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.

FBI Top Stories

  • Swindler Sentenced
    on December 12, 2019 at 9:22 am

    A scammer who stole properties from vulnerable homeowners—often elderly people or people who did not speak English—has been convicted and sentenced.

  • Charges Announced in Malware Conspiracy
    on December 5, 2019 at 2:00 pm

    Two Russian nationals have been charged for their roles in a cybercrime spree that stole from thousands of individuals and organizations in the U.S. and abroad.

  • Your Bank Account Could Be Fueling Crime
    on December 4, 2019 at 7:17 am

    If you're moving money for someone you don’t know, you are likely helping launder money for online criminals who steal from individuals and small businesses.

  • African-American Agents Reflect on 100-Year Anniversary
    on December 2, 2019 at 1:30 am

    The anniversary of the first African-American FBI agent provided an opportunity for current and former African-American special agents to reflect on how far the Bureau has come in the past century—and where it still needs to go.

  • Avoid Holiday Shopping Scams
    on November 27, 2019 at 7:00 am

    When shopping online during the holiday season—or any time of year—always be wary of deals that seem too good to be true, and do your part to avoid becoming a scammer’s next victim.

  • 100 Years of FBI-RCMP Partnership
    on November 22, 2019 at 12:16 pm

    The FBI marks a century of collaboration with the Royal Canadian Mounted Police this year, and we look forward to continuing this invaluable partnership for many more years to come.

  • Hacker Sentenced
    on November 19, 2019 at 7:24 am

    A hacktivist who overwhelmed the websites of a city and its police department with DDoS attacks has been convicted and sentenced to prison.

  • Lone Offender Terrorism
    on November 13, 2019 at 8:00 am

    An FBI study of lone offender terrorist attacks in the U.S. looks at the backgrounds, behavioral characteristics, and circumstances surrounding 52 attacks since 1972.

  • 2018 Hate Crime Statistics Released
    on November 12, 2019 at 7:00 am

    The number of hate crime incidents reported to the FBI decreased slightly from 2017 to 2018, according to the Uniform Crime Reporting Program’s annual Hate Crime Statistics report.

  • Events Mark 100 Years of African-American Agents
    on November 8, 2019 at 3:33 pm

    Current and former African-American special agents joined the FBI Director in celebrating the 100th anniversary of the Bureau’s first African-American special agent, who was appointed in 1919 and set the course for generations to follow.

  • Serving with STEM
    on November 8, 2019 at 7:00 am

    Science, technology, engineering, and math are integral to nearly every FBI investigation. One FBI cryptanalyst who uses STEM skills daily to decipher codes and help solve cases is also hard at work promoting forensic science to the next generation.

  • No Average Call
    on November 7, 2019 at 10:34 am

    The FBI’s National Threat Operations Center works day and night to ensure each of the calls and electronic tips it receives is evaluated rapidly and handled appropriately.

  • The Case of the Stolen Lemur
    on November 6, 2019 at 9:56 am

    A man who broke into a California zoo after hours and stole an endangered ring-tailed lemur—the oldest in captivity in North America—will be spending time in prison.

  • Curbing Car Crimes
    on October 31, 2019 at 6:00 am

    On the 100th anniversary of the passage of the Dyer Act, which made interstate car theft a federal crime, we look back at how the law led to the FBI of today.

  • Director Addresses IACP
    on October 29, 2019 at 10:30 am

    At the International Association of Chiefs of Police annual conference, Director Christopher Wray discussed how the FBI’s commitment to work collaboratively with its law enforcement partners is one of four key leadership principles driving the Bureau’s work.

Kidnappings and Missing Persons

  • 2018 Hate Crimes Statistics Released
    on December 10, 2019 at 5:00 am

    The number of hate crime incidents reported to the FBI decreased slightly from 2017 to 2018, according to the Uniform Crime Reporting (UCR) Program’s annual Hate Crime Statistics report.

  • Second 2018 LEOKA Installment Released
    on November 26, 2019 at 7:00 am

    The second installment of the Law Enforcement Officers Killed and Assaulted, 2018 report includes data on law enforcement officers assaulted in the line of duty last year.

  • Fingerprint Technology Helps Solve Cold Case
    on November 12, 2019 at 6:30 am

    Advances in the Next Generation Identification system helped solve a 1999 Pennsylvania cold case. Two decades later, the perpetrator was sentenced for kidnapping and assault.

  • Las Vegas Metropolitan Police Department Wins 2018 Biometric Identification Award
    on October 30, 2019 at 7:30 am

    The Las Vegas Metropolitan Police Department won the 2018 Biometric Identification Award for its staff members’ diligent efforts using the FBI’s Next Generation Identification System to solve a 2016 sexual assault case.

  • Pilot Program Allows Electronic Fingerprint Submission for IdHSCs at Select Post Offices
    on October 15, 2019 at 7:00 am

    The FBI and U.S. Postal Service are offering a pilot program that allows the public to have their fingerprints scanned and submitted for identity history summary checks at select post office locations.

  • 2018 Crime Statistics Released
    on October 1, 2019 at 7:15 pm

    Both violent crime and property crime fell in 2018 from the previous year, according to the FBI’s annual crime statistics released on September 30.

  • N-DEx Assists Law Enforcement in New Mexico
    on September 17, 2019 at 11:56 am

    Three recent cases highlight how the FBI's National Data Exchange System helped the New Mexico Corrections Department nab several fugitives.

  • N-DEx System Helps Investigators Outwit Offenders
    on September 3, 2019 at 5:57 pm

    Criminal justice investigators across the nation use the FBI’s National Data Exchange (N-DEx) System in their daily work to connect people, places, things, and events—often across jurisdictional boundaries—that may at first glance seem unrelated.

  • N-DEx System Helps Law Enforcement Identify Offenders
    on August 20, 2019 at 1:06 pm

    Recent National Data Exchange (N-DEx) System successes include identifying a suspect in a homicide case, identifying a felon involved in a fraud case, and locating three probationers who traveled outside jurisdictions into neighboring states.

  • Special Processing Center Assists Law Enforcement in Identifying Victims and Offenders
    on August 7, 2019 at 6:00 am

    The FBI’s Special Processing Center has assisted law enforcement agencies around the country in various cases, including by identifying victims of a bombing and a bus crash, the offender in a shooting incident, and two unknown deceased individuals.

  • FACE Services Puts a Name with a Face
    on July 23, 2019 at 5:00 am

    The FBI's Facial Analysis, Comparison, and Evaluation Services Unit recently helped identify a victim in a human trafficking case, which aided in the prosecution of her trafficker.

  • How Urban Law Enforcement Can Benefit from NIBRS
    on July 9, 2019 at 9:58 am

    On January 1, 2021, the FBI will retire the SRS and will collect crime statistics solely through NIBRS, which can help urban agencies foster accountability and transparency and plan for challenges like youth exposure to crime and business crime.

  • First LEOKA Installment of Year Released
    on June 25, 2019 at 3:30 am

    The first segment of Law Enforcement Officers Killed and Assaulted, 2018, which contains statistics for law enforcement officers killed in the line of duty in 2018, was recently released.

  • Change in Computing Platform May Affect Published Crime Data
    on June 11, 2019 at 1:00 am

    The Uniform Crime Reporting Program has transitioned from its legacy data collection system to a more modern reporting platform. This change may result in differences in UCR data from previous years. Program participants should use caution when analyzing data.

  • CJIS Link
    on June 2, 2016 at 10:12 am

    The CJIS Link is a publication that tells our partners about new services and system capabilities, as well as relevant changes in policy.

FBI Intelligence