Threats

Note: Most of my rss feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.

Department of State

The Dept of State has several threat rss feeds, but they aren’t always up.

DHS

Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.

National Terrorism Advisory System (NTAS) Alerts

    Feed has no items.

Cybersecurity

  • AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability
    by CISA on June 17, 2019 at 1:37 pm

    Original release date: June 17, 2019. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions: Windows 2000, Windows Vista, Windows XP, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2. An attacker can exploit this vulnerability to take control of an affected system. Technical Details: BlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system. According to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled.[1] After successfully sending the […]

  • AA19-122A: New Exploits for Unsecure SAP Systems
    by CISA on May 2, 2019 at 10:54 pm

    Original release date: May 2, 2019 | Last revised: May 3, 2019. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [1] Technical Details: A presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit tools, termed “10KBLAZE.” The presentation details the new exploit tools and reports on systems exposed to the internet. SAP Gateway ACL: The SAP Gateway allows non-SAP applications to communicate with SAP applications. If SAP Gateway access control lists (ACLs) are not configured properly (e.g., gw/acl_mode = […]

  • AA19-024A: DNS Infrastructure Hijacking Campaign
    by CISA on January 24, 2019 at 8:01 pm

    Original release date: January 24, 2019 | Last revised: February 13, 2019. Summary: The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks. See the following links for downloadable copies of open-source indicators of compromise (IOCs) from the sources listed in the References section below: IOCs (.csv), IOCs (.stix). Note: these files were last updated February 13, 2019, to remove the following three non-malicious IP addresses: 107.161.23.204, 192.161.187.200, 209.141.38.71. Technical […]

  • AA18-337A: SamSam Ransomware
    by CISA on December 3, 2018 at 4:18 pm

    Original release date: December 3, 2018. Summary: The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation. The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms. The actors exploit […]

  • TA18-331A: 3ve – Major Online Ad Fraud Operation
    by CISA on November 27, 2018 at 5:09 pm

    Original release date: November 27, 2018. Systems Affected: Microsoft Windows. Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses globally, when sampled over a 10-day window. Description: Online advertisers desire premium websites on which to publish their ads and large numbers of visitors to view those ads. 3ve created fake versions of both (websites and visitors), and funneled the advertising revenue to cyber criminals. 3ve obtained control over 1.7 million unique IPs by leveraging victim computers infected with Boaxxe/Miuref and Kovter malware, as well as Border Gateway Protocol-hijacked IP […]

  • AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
    by CISA on October 11, 2018 at 3:19 pm

    Original release date: October 11, 2018. Summary: This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are: Remote Access Trojan: JBiFrost; Webshell: China Chopper; Credential Stealer: Mimikatz; Lateral Movement Framework: PowerShell Empire; C2 Obfuscation and Exfiltration: HUC Packet Transmitter. To aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network. The individual tools we cover in this report are limited examples of the types of tools used by threat actors. You should not consider this an exhaustive list when planning your network defense. Tools and techniques for exploiting networks and the […]

  • TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers
    by CISA on October 3, 2018 at 11:47 am

    Original release date: October 3, 2018. Systems Affected: Network Systems. Overview: The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing. This Technical Alert (TA) provides information and guidance to assist MSP customer network and system administrators with the detection of malicious activity on their networks and systems and the mitigation of associated risks. This TA includes an overview of TTPs used by APT actors in MSP network environments, recommended mitigation techniques, and information on […]

  • TA18-276A: Using Rigorous Credential Control to Mitigate Trusted Network Exploitation
    by CISA on October 3, 2018 at 11:00 am

    Original release date: October 3, 2018. Systems Affected: Network Systems. Overview: This technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credentials by Advanced Persistent Threat (APT) actors. It identifies APT actors' tactics, techniques, and procedures (TTPs) and describes the best practices that could be employed to mitigate each of them. The mitigations for each TTP are arranged according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework core functions of Protect, Detect, Respond, and Recover. Description: APT actors are using multiple mechanisms to acquire legitimate user credentials to exploit trusted network relationships in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Suggested best practices for administrators to mitigate this threat include auditing credentials, remote-access logs, and controlling privileged access […]

  • TA18-275A: HIDDEN COBRA – FASTCash Campaign
    by CISA on October 2, 2018 at 3:45 pm

    Original release date: October 2, 2018 | Last revised: December 21, 2018. Systems Affected: Retail Payment Systems. Overview: This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra. FBI has high confidence that HIDDEN COBRA actors are using the IOCs listed in this report to maintain a presence on victims’ networks to enable network exploitation. DHS, FBI, and Treasury are […]

  • TA18-201A: Emotet Malware
    by CISA on July 20, 2018 at 9:24 pm

    Original release date: July 20, 2018. Systems Affected: Network Systems. Overview: Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors. This joint Technical Alert (TA) is the result of Multi-State Information Sharing & Analysis Center (MS-ISAC) analytic efforts, in coordination with the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC). Description: Emotet continues to be among the most costly and destructive malware affecting SLTT governments. Its worm-like features result in rapidly spreading network-wide infection, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate. Emotet is an advanced, modular banking Trojan that primarily […]

DOJ and FBI

Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.

FBI Top Stories

  • Operation Summer
    on August 16, 2019 at 9:44 am

    This year’s outgoing FBI honors interns share their experiences and advice as the application period opens for the summer 2020 program.

  • RCFLs Follow the Modern Evidence Trail
    on August 12, 2019 at 5:00 am

    The FBI supports a nationwide network of Regional Computer Forensics Laboratories that help state, local, and federal law enforcement retrieve and analyze evidence from computers, phones, and other digital tools.

  • Retirement Reunion
    on August 9, 2019 at 2:42 pm

    At his retirement ceremony, the outgoing special agent in charge of the Knoxville Field Office was able to meet the man he recovered as an infant following a 1997 kidnapping in Washington state.

  • Military Fraudster Sentenced
    on July 31, 2019 at 7:00 am

    A South Carolina charity that purported to send military families on vacations to Disney World simply lined the pockets of its founder, who has been sentenced to prison.

  • ICCS 2019
    on July 25, 2019 at 1:49 pm

    FBI Director Christopher Wray discussed cyber threats—including foreign influence and foreign investment—as well as the Bureau’s cyber capabilities at the International Conference on Cyber Security in New York.

  • Stolen Trust
    on July 23, 2019 at 9:15 am

    A Tennessee attorney is spending time behind bars for stealing more than $1 million from a trust set up on behalf of the daughter of a fallen law enforcement officer.

  • Family Fraudsters
    on July 19, 2019 at 7:00 am

    A father and son who carried out a loan fraud scheme that caused more than 100 unsuspecting investors in their advertising company to lose $63 million have been convicted and sentenced.

  • The Homegrown Threat
    on July 16, 2019 at 7:00 am

    A list of nearly four dozen indicators that someone might be planning to commit an act of extremist violence is contained in a newly updated publication released by the country’s foremost counterterrorism organizations.

  • Airport Terrorist Sentenced
    on July 8, 2019 at 9:33 am

    The FBI and Royal Canadian Mounted Police teamed up to investigate the stabbing of an airport police officer in Michigan, which led to a terrorism conviction and life sentence for the Canadian perpetrator.

  • Workers’ Compensation Fraud
    on July 2, 2019 at 10:36 am

    For years, a San Diego-based fraud ring cheated the California workers’ compensation system and private insurance out of millions of dollars. The conspirators are now serving prison sentences.

  • Early Terrorism Investigation
    on June 28, 2019 at 8:30 am

    A series of bombings in 1919 had a profound impact on the young Bureau, with the organization gaining new resources and valuable experience in addressing national security threats as it evolved into the modern-day FBI.

  • Fighting for the Dogs
    on June 25, 2019 at 9:00 am

    Civil forfeiture laws are helping the FBI and its partners get dogs rescued from dogfighting rings positioned to be treated, rehabilitated, and moved into better situations.

  • No Safe Haven
    on June 24, 2019 at 6:00 am

    A recent case shows Cuba will seize property and bank accounts that criminals attempt to illegally shelter on the island.

  • Protecting Faith Communities
    on June 20, 2019 at 12:00 pm

    The FBI invited faith leaders to FBI Headquarters for a discussion on keeping houses of worship safe.

  • Gone Phishing
    on June 13, 2019 at 5:00 am

    A fraudster who conducted a text message-based phishing scam to steal bank information—and used that information to steal thousands of dollars from victims—is now behind bars.

Kidnappings and Missing Persons

  • Special Processing Center Assists Law Enforcement in Identifying Victims and Offenders
    on August 7, 2019 at 6:00 am

    The FBI’s Special Processing Center has assisted law enforcement agencies around the country in various cases, including by identifying victims of a bombing and a bus crash, the offender in a shooting incident, and two unknown deceased individuals.

  • FACE Services Puts a Name with a Face
    on July 23, 2019 at 5:00 am

    The FBI's Facial Analysis, Comparison, and Evaluation Services Unit recently helped identify a victim in a human trafficking case, which aided in the prosecution of her trafficker.

  • How Urban Law Enforcement Can Benefit from NIBRS
    on July 9, 2019 at 9:58 am

    On January 1, 2021, the FBI will retire the SRS and will collect crime statistics solely through NIBRS, which can help urban agencies foster accountability and transparency and plan for challenges like youth exposure to crime and business crime.

  • First LEOKA Installment of Year Released
    on June 25, 2019 at 3:30 am

    The first segment of Law Enforcement Officers Killed and Assaulted, 2018, which contains statistics for law enforcement officers killed in the line of duty in 2018, was recently released.

  • Change in Computing Platform May Affect Published Crime Data
    on June 11, 2019 at 1:00 am

    The Uniform Crime Reporting Program has transitioned from its legacy data collection system to a more modern reporting platform. This change may result in differences in UCR data from previous years. Program participants should use caution when analyzing data.

  • Criminal Justice Agencies Invited to Review and Comment on New N-DEx IEPD
    on May 28, 2019 at 11:04 am

    The National Data Exchange (N-DEx) System’s Information Exchange Package Documentation (IEPD) is available for public review and comments until July 9, 2019.

  • Ohio and Tennessee Enroll as National Use-of-Force Data Collection Bulk Contributors
    on May 14, 2019 at 10:11 am

    Ohio and Tennessee are early enrollers for bulk submissions of use-of-force incidents in the FBI’s new National Use of Force Data Collection.

  • National Palm Print System
    on April 30, 2019 at 7:30 am

    The FBI’s National Palm Print System (NPPS) has dramatically improved law enforcement access to palm prints previously stored within local, state, tribal, and federal law enforcement agency databases.

  • 2019 Preliminary Data on Law Enforcement Officer Deaths Available
    on April 16, 2019 at 8:00 am

    The FBI’s Law Enforcement Officers Killed and Assaulted Program frequently updates the preliminary data on officer deaths for the current year on its webpage on fbi.gov.

  • NIBRS: 30 FAQs
    on April 3, 2019 at 7:43 am

    The UCR Program will transition from the Summary Reporting System to the National Incident Based Reporting System by January 1, 2021. The CJIS Division has compiled a list of 30 frequently asked questions you may have about the transition.

  • 2018 Preliminary Semiannual Uniform Crime Report Released
    on March 19, 2019 at 1:32 pm

    The 2018 Preliminary Semiannual Uniform Crime Report, released February 26, shows declines in both violent crime and property crime in the first half of 2018.

  • N-DEx System Helps Investigators Outwit Offenders
    on March 6, 2019 at 2:50 pm

    The FBI’s National Data Exchange (N-DEx) System proves instrumental in helping officers identify and locate probation absconders, felony warrant subjects, and a violent gang member.

  • CJIS Division: 2018 Year in Review
    on February 19, 2019 at 3:31 pm

    The 2018 Year in Review demonstrates the CJIS Division’s commitment to provide the best possible tools to help its partners fight crime and terrorism.

  • 2017 NIBRS Crime Data Released
    on February 5, 2019 at 1:20 pm

    The FBI released information on more than 6 million criminal offenses submitted to its National Incident-Based Reporting System last year, as law enforcement continues transitioning to the more robust system.

  • CJIS Link
    on June 2, 2016 at 10:12 am

    The CJIS Link is a publication that tells our partners about new services and system capabilities, as well as relevant changes in policy.

FBI Intelligence