Threats

Note: Most of my RSS feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.

Department of State

The Dept of State has several threat RSS feeds, but they aren’t always up.

DHS

Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.

National Terrorism Advisory System (NTAS) Alerts

    Feed has no items.

Cybersecurity

  • AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor
    by CISA on July 2, 2020 at 1:00 am

    Original release date: July 1, 2020 | Last revised: July 2, 2020. Summary: This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI)—highlights risks associated with Tor, along with technical details and recommendations for mitigation. Cyber threat actors can use Tor software and network infrastructure for anonymity and obfuscation purposes to clandestinely conduct malicious cyber operations.[1],[2],[3] Tor (aka The Onion Router) is software that allows users to browse the web anonymously by encrypting and routing requests through multiple relay layers or nodes. This software is maintained by the Tor Project, a nonprofit organization that […]

  • AA20-182A: EINSTEIN Data Trends – 30-day Lookback
    by CISA on June 30, 2020 at 2:34 pm

    Original release date: June 30, 2020. Summary: Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN. This information is meant to give the reader a closer look into what analysts are seeing at the national level and provide technical details on some of the most active threats. IDS is a network tool that uses sensors to monitor inbound and outbound traffic to search for any type of suspicious activity or known threats, alerting analysts when a specific traffic pattern matches with an associated threat. IDS allows users to deploy signatures on these boundary sensors to look for the specific pattern, or network indicator, associated with a known threat. The EINSTEIN Program is an automated process for collecting, correlating, analyzing, and sharing computer security information across the federal civilian departments […]

  • AA20-133A: Top 10 Routinely Exploited Vulnerabilities
    by CISA on May 12, 2020 at 1:00 pm

    Original release date: May 12, 2020. Summary: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors. This alert provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)[1]—to help organizations reduce the risk of these foreign threats. Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available. The public and […]

  • AA20-126A: APT Groups Target Healthcare and Essential Services
    by CISA on May 5, 2020 at 12:58 pm

    Original release date: May 5, 2020. Summary: This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations. This joint alert highlights ongoing activity by APT groups against organizations involved in both national and international COVID-19 responses. It describes some of the methods these actors are using to target organizations and provides mitigation advice. The joint CISA-NCSC Alert: (AA20-099A) COVID-19 Exploited by Malicious Cyber Actors from April 8, 2020, previously detailed the exploitation of the COVID-19 pandemic by cybercriminals and APT groups. This joint CISA-NCSC Alert provides an update to ongoing malicious cyber activity relating to COVID-19. […]

  • AA20-120A: Microsoft Office 365 Security Recommendations
    by CISA on April 29, 2020 at 2:41 pm

    Original release date: April 29, 2020. Summary: As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully considering the security configurations of these platforms. This Alert is an update to the Cybersecurity and Infrastructure Security Agency's May 2019 Analysis Report, AR19-133A: Microsoft Office 365 Security Observations, and reiterates the recommendations related to O365 for organizations to review and ensure their newly adopted environment is configured to protect, detect, and respond against would-be attackers of O365. Technical Details: Since October 2018, the Cybersecurity and Infrastructure Security Agency (CISA) has conducted several engagements with customers who have migrated to cloud-based collaboration solutions like O365. In recent weeks, […]

  • AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
    by CISA on April 16, 2020 at 1:21 pm

    Original release date: April 16, 2020 | Last revised: June 30, 2020. Summary: Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update to Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability, which advised organizations to immediately patch CVE-2019-11510—an arbitrary file reading vulnerability affecting Pulse Secure virtual private network (VPN) appliances.[1] CISA is providing this update to alert administrators that threat actors who successfully exploited CVE-2019-11510 and stole a victim organization’s credentials will still be able to access—and move laterally through—that organization’s network after the organization has patched this vulnerability if the organization did not […]

  • AA20-106A: Guidance on the North Korean Cyber Threat
    by CISA on April 15, 2020 at 12:31 pm

    Original release date: April 15, 2020 | Last revised: June 23, 2020. Summary: The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public. The advisory highlights the cyber threat posed by North Korea – formally known as the Democratic People’s Republic of Korea (DPRK) – and provides recommended steps to mitigate the threat. In particular, Annex 1 lists U.S. government resources related to DPRK cyber threats and Annex 2 includes a link to the UN 1718 Sanctions Committee (DPRK) Panel of Experts reports. The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Under the pressure of robust U.S. and UN […]

  • AA20-099A: COVID-19 Exploited by Malicious Cyber Actors
    by CISA on April 8, 2020 at 12:00 pm

    Original release date: April 8, 2020. Summary: This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic. It includes a non-exhaustive list of indicators of compromise (IOCs) for detection as well as mitigation advice. Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations. APT groups and cybercriminals are targeting individuals, small and medium enterprises, and large organizations with COVID-19-related scams and phishing […]

  • AA20-073A: Enterprise VPN Security
    by CISA on March 13, 2020 at 12:08 pm

    Original release date: March 13, 2020 | Last revised: April 15, 2020. Summary: As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity. Technical Details: The following are cybersecurity considerations regarding telework. As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors. As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches. Malicious cyber actors may increase phishing emails targeting teleworkers to steal […]

  • AA20-049A: Ransomware Impacting Pipeline Operations
    by CISA on February 18, 2020 at 1:06 pm

    Original release date: February 18, 2020 | Last revised: June 30, 2020. Summary: Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and ATT&CK for Industrial Control Systems (ICS) frameworks for all referenced threat actor techniques and mitigations. The Cybersecurity and Infrastructure Security Agency (CISA) encourages asset owner operators across all critical infrastructure sectors to review the below threat actor techniques and ensure the corresponding mitigations are applied. CISA responded to a cyberattack affecting control and communication assets on the operational technology (OT) network of a natural gas compression facility. A cyber threat actor used a Spearphishing Link [T1192] to obtain initial access to the organization’s information technology (IT) network before pivoting to its OT network. The threat actor then deployed commodity ransomware to […]

DOJ and FBI

Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.

FBI Top Stories

  • Rescuing Victims of Child Sexual Abuse
    on July 1, 2020 at 7:00 am

    The FBI's Endangered Child Alert Program and Operation Rescue Me initiative support an urgent effort to identify and aid the young victims being harmed in images of child sexual abuse.

  • An Inside Job
    on June 24, 2020 at 7:00 am

    Three roommates planned out a profitable bank heist with a movie-worthy plot twist. Unfortunately for the criminals, the story’s ending was written by the FBI and our partners.

  • Stopping Hackers in Their Tracks
    on June 17, 2020 at 7:00 am

    When an Atlanta tech company fell victim to a hacker, its quick reaction and collaboration with the FBI helped find and convict the culprit.

  • An ‘Empathetic Pioneer’
    on June 10, 2020 at 10:00 am

    Over nearly two decades, Kathryn Turman has developed and shaped the FBI's approach to victim services and achieved an abiding life goal to make a contribution.

  • Staying Safe During the COVID-19 Pandemic
    on June 5, 2020 at 7:30 am

    Learn how to protect yourself, your family, and your wallet from emerging crimes against children and financial scams related to the COVID-19 crisis.

  • Billion-Dollar Secrets Stolen
    on May 27, 2020 at 6:53 am

    A scientist working for a U.S. energy company in Oklahoma was sentenced for stealing valuable trade secrets for the benefit of a Chinese firm.

  • Health Care Fraud Ring Busted
    on May 13, 2020 at 9:25 am

    A youth football coach and his co-conspirators have been sentenced for stealing millions of dollars from Medicaid by using children’s information to bill for fake mental health treatments.

  • IC3 Marks 20 Years
    on May 8, 2020 at 1:30 pm

    The crimes catalogued by the Internet Crime Complaint Center mirror the evolution of the web across two decades—growing in sophistication and number as the internet grows ever more essential to our lives.

  • Giving Families a Lift
    on April 29, 2020 at 2:00 pm

    To honor the memory of the daughter of a retired agent, FBI volunteers help law enforcement families with sick children receiving treatment at Children's Hospital of Philadelphia.

  • Child Predator Jailed for Life
    on April 22, 2020 at 7:37 am

    An FBI agent who has dedicated much of his career to pursuing those who exploit children shares the details of one investigation and offers tips for parents and caregivers on keeping kids safe.

  • Protect Yourself from Pandemic Scammers
    on April 6, 2020 at 7:00 am

    The head of our Financial Crimes Section discusses scams and crimes related to the COVID-19 pandemic and offers tips on how to protect yourself.

  • Corruption Ring Disrupted
    on March 16, 2020 at 7:00 am

    A county executive in Missouri and one of his campaign donors have been convicted and sentenced for their roles in a pay-to-play bribery scheme.

  • FBI Top Ten List Turns 70
    on March 12, 2020 at 12:30 pm

    The FBI looks back at seven decades of the Ten Most Wanted Fugitives program—from the creation of the famous list in 1950 to the modern-day ways we’re reaching out to the public about dangerous offenders.

  • Celebrating Women Special Agents: Joanne Pierce Misko
    on July 17, 2012 at 2:30 pm

    Joanne Pierce Misko was a nun in New York for 10 years before joining the FBI in 1970 as a researcher. In 1972 she became one of the first women special agents.

  • Celebrating Women Special Agents: Susan Roley Malone
    on July 17, 2012 at 2:30 pm

    Susan Roley Malone was in the Marine Corps when the FBI opened new-agent training to women. “I was encouraged by my friends and my own desires, and I applied.”

Kidnappings and Missing Persons

FBI Intelligence

    Feed has no items.