FBI, NSA, and CISA Warn Organizations to Watch Out for Conti Ransomware

Biden admin issues new security guidance to CI firms, REvil gang is stealing from affiliates, Second agricultural business hit with a ransomware attack, Bitcoin.org compromised by bad actors, more

The FBI, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning that U.S. organizations should watch out for Conti ransomware, affecting 400 U.S. and international groups.

The alert recommends a series of mitigations to protect against Conti, including requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date. (Maggie Miller / The Hill)

Related: TechNadu, Security Affairs, ZDNet, CISA, Cyberscoop, Wired, CISA

In response to the ongoing ransomware attacks and other cybersecurity incidents that U.S. companies have experienced this year, the Biden administration issued new security guidance to critical infrastructure firms.

The guidance includes an initial crosswalk of available control system resources and recommended practices produced by the government and the private sector. It spells out preliminary goals and objectives that organizations, mainly industrial cybersecurity firms, should follow to “provide a common understanding of the baseline security practices that critical infrastructure owners and operators should follow to protect national and economic security, as well as public health and safety.” (Sean Lyngaas / CNN)

Related: DHS, CISA, Washington Post

Security researchers and malware developers have confirmed what cybercriminals have slowly come to realize: REvil ransomware operators may hijack ransom negotiations to cut affiliates out of payments.

Security researcher Yelisey Boguslavskiy, head of research at Advanced Intel, says that since at least 2020, various actors on underground forums claimed that the RaaS (ransomware as a service) operators were taking over negotiations with victims in secret chats, unbeknownst to affiliates. He says that REvil admins have been opening a second chat to negotiate a ransom with the victim, identical to the one used by their affiliates. (Ionut Ilascu / Bleeping Computer)

Related: Security News | Tech Times, Threatpost

A second agricultural business, Crystal Valley, a Minnesota-based farm supply and grain marketing cooperative, has been hit with a ransomware attack.

The firm confirmed in a Facebook post that the attack took down its systems on September 19. The attack follows an earlier ransomware incident this week that crippled Iowa grain cooperative New Cooperative. (Lisa Vaas / Threatpost)

Related: Facebook, ZDNet, TechNadu, Security Week

Researchers at ESET have discovered a new APT espionage group they call FamousSparrow that targets governments, international organizations, engineering firms, legal companies, and the hospitality sector.

The group's victims are in Europe, the United Kingdom, Israel, Saudi Arabia, Taiwan, Burkina Faso in West Africa, and the Americas, including Brazil, Canada, and Guatemala. FamousSparrow joined at least ten other APT groups that exploited ProxyLogon, a chain of zero-day vulnerabilities disclosed in March that was used to compromise Microsoft Exchange servers worldwide. (Charlie Osborne / ZDNet)

Related: BetaNews, WeLiveSecurity


Email security company Cloudmark, owned by Proofpoint, says that a new form of malware that experts refer to as "TangleBot" relies on interest in COVID-19 to trick Android users in the U.S. and Canada into clicking on a link that will infect their cell phones.

The malware sends Android users a text message claiming to have the latest COVID-19 guidance in their area or informs them that their third COVID-19 vaccine appointment has been scheduled. TangleBot can access users’ microphones, cameras, SMS, call logs, internet, and GPS locations. (Musadiq Bidar / CBS News)

Related: Technology News | News Break, Security News | Tech Times, The Hacker News, CloudMark

A Justice Department interagency committee known as Team Telecom is investigating Zoom Video Communications’ deal to buy American customer-service software company Five9, citing potential national-security risks posed by the U.S. videoconferencing giant’s China ties.

The Department is asking the Federal Communications Commission to defer its license transfer review process, a formal regulatory proceeding for deals involving communications licenses, pending the Team Telecom review. (Kate O’Keeffe, Aaron Tilley, and Dawn Lim / Wall Street Journal)

Related: The Register - Security, FCC

According to researchers at WizCase, more than one terabyte of data containing 5.5 million files was left exposed, leaking personal information of over 100,000 customers of Colombian real estate firm Coninsa Ramon H.

The data exposure stemmed from a misconfigured AWS S3 bucket, exposing sensitive information such as clients' names, photos, and addresses. (Ravie Lakshmanan / The Hacker News)

Related: WizCase


Malicious actors appeared to have compromised education resource site Bitcoin.org to promote dubious giveaways.

Early Thursday morning, Bitcoin.org displayed a pop-up page that asks users to send bitcoin to a dedicated address with promises they will receive a doubled amount in return. Domain hosting site Namecheap temporarily disabled the Bitcoin.org domain, which was inaccessible at the time of publication. (Wolfie Zhao / The Block)

Related: Invezz, Coindesk, Invezz

vx-underground (@vxunderground) on Twitter: "Bitcoin.org has been breached. Visiting the website displays the classic 'double your money' scam. The scammers have profited (as of this writing) roughly $17,000. #Bitcoin"

Korean technology giant LG Electronics announced that it would buy Cybellum, an Israeli automotive cybersecurity specialist, in a deal worth $240 million.

The deal comes in multiple parts. First, LG will take a 64% stake in Cybellum for $140 million, and it will contribute a further $20 million in the form of a simple agreement for future equity (SAFE) note, “upon conclusion of the trading process in the fourth quarter.” Then LG will acquire the remaining shares at an unspecified future date. (Ingrid Lunden / TechCrunch)

Related: ZDNet Security, Reddit - cybersecurity, The Times of Israel

FireEye will officially change its name to Mandiant on October 4 and begin trading on the Nasdaq as MNDT.

The change follows its June announcement that it agreed to sell the FireEye Products business, including the FireEye name, to a consortium led by Symphony Technology Group. (Stephen Nakrosis / Marketwatch)

Related: Channel Futures, Business Wire, GovConWire

Photo by Executium on Unsplash