Cyber Command News | CYBERCOM Or USCYBERCOM Alerts For Cyber Threats
Current News Flashes
September 1, 2023 - USSOCOM Awards Contract To Deploy Artificial Intelligence (AI) Tool To Detect Disinformation Threats. What the AI threat detection software Argus does, and its potential to be used as a tool to target Americans. Read more
August 17, 2023 - Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications. The malicious apps enable theft of personally identifiable information (PII), financial account access, or device takeover. Read more
August 16, 2023 - Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications. The malicious apps enable theft of personally identifiable information (PII), financial account access, or device takeover. Read more
August 15, 2023 - Milestone In Power Grid Optimization On World’s First Exascale Supercomputer. In the largest simulation of its kind to date, Oak Ridge Lab's Frontier allowed researchers to determine safe and cost-optimal power grid setpoints over 100,000 possible grid failures and weather scenarios in just 20 minutes. Read more
August 11, 2023 - DOD Announces Establishment Of Generative Artificial Intelligence (AI) Task Force. "We must also consider the extent to which our adversaries will employ this technology and seek to disrupt our own use of AI-based solutions". Read more
August 5, 2023 - Cyberattack Hits Medical Facilities In Multiple US States. Hospitals had to go back to using old-fashioned ways of record keeping, such as using pen and paper instead of computers to input and store information on patients. Read more
July 8, 2023 - Increased Truebot Activity Infects U.S. and Canada Based Networks. Truebot is a botnet that has been used by malicious cyber groups like CL0P Ransomware Gang to collect and exfiltrate information from its target victims. Read more
June 15, 2023 - Threat Actors Exploit Vulnerabilities in Multiple U.S. Government Servers. "Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able to exploit a .NET deserialization vulnerability". Read more
June 3rd, 2023 - The FBI released a joint CSA with our USG and South Korean partners detailing the operations of Kimsuky cyber actors, a subset of DPRK cyber actors. It outlines warning signs of spearphishing campaigns. Read more
USSOCOM Awards Contract To Deploy AI Tool To Detect Disinformation Threats - Accrete states that Argus is capable of countering misinformation, detecting insider threats, supply chain influence, anti-money laundering, competitive intelligence, and background checking.
NEW YORK - After U.S. Special Operations Command (USSOCOM) awarded Accrete a five-year multi-million dollar Other Transaction Production (OT-P) software licensing contract for a dual-use open-source anomaly/threat detection software called Argus in 2021, the company has now been awarded a new contract to deploy the AI detection software to detect "disinformation threats" on social media and other online platforms.
According to Accrete, Argus is a "real-time" and "continuously learning" AI threat detection software with the ability to "learn from sparse data". It can be configured for social media intelligence, reverse engineering, and logistics disruption, for both governmental and commercial uses. What The AI Threat Detection Software Does, And Its Potential To Be Used As A Tool To Target Americans: Read Full Report.
Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications - The malicious apps enable theft of personally identifiable information (PII), financial account access, or device takeover.
Federal Bureau of Investigation (FBI): The FBI is warning the public that cybercriminals are embedding malicious code in mobile beta-testing applications (apps) to defraud potential victims.
Beta-testing apps are online services for testing of mobile apps prior to official release. The beta apps typically are not subject to mobile operating systems review processes.
Apps Enable Theft Of Personal Information, Financial Account Access, Device Takeover: The malicious apps enable theft of personally identifiable information (PII), financial account access, or device takeover. The apps may appear legitimate by using names, images, or descriptions similar to popular apps. Read Full Statement.
Cybercriminals often use phishing or romance scams to establish communications with the victim, then direct the victim to download a mobile beta-testing app housed within a mobile beta-testing app environment, promising incentives such as large financial payouts. Read Full Report
Milestone In Power Grid Optimization On World’s First Exascale Supercomputer - Lawrence Livermore National Laboratory (LLNL): In the largest simulation of its kind to date, Oak Ridge Lab's Frontier allowed researchers to determine safe and cost-optimal power grid setpoints over 100,000 possible grid failures and weather scenarios in just 20 minutes.
Ensuring the nation’s electrical power grid can function with limited disruptions in the event of a natural disaster, catastrophic weather or a manmade attack is a key national security challenge.
Compounding the challenge of grid management is the increasing amount of renewable energy sources such as solar and wind that are continually added to the grid, and the fact that solar panels and other means of distributed power generation are hidden to grid operators.
To advance the modeling and computational techniques needed to develop more efficient grid-control strategies under emergency scenarios, a multi-institutional team has used a Lawrence Livermore National Laboratory (LLNL)-developed software capable of optimizing the grid’s response to potential disruption events under different weather scenarios, on Oak Ridge National Laboratory (ORNL)’s Frontier supercomputer.
Reaching A Milestone: Exascale Speeds Of More Than One Quintillion Calculations Per Second: Read Full Report.
DOD Announces Establishment Of Generative Artificial Intelligence (AI) Task Force - "We must also consider the extent to which our adversaries will employ this technology and seek to disrupt our own use of AI-based solutions".
Department of Defense: Today, the Department of Defense (DoD) announced the establishment of a generative artificial intelligence (AI) task force, an initiative that reflects the DoD's commitment to harnessing the power of artificial intelligence in a responsible and strategic manner. Read More.
Cyberattack Hits Medical Facilities In Multiple US States - UNITED STATES - A cyberattack hit over a hundred medical facilities in five different U.S. states Friday, including sixteen hospitals, forcing them to close down emergency rooms and redirect ambulances.
After ransomware was found on the computer systems of Prospect Medical Holdings, which is a company that owns hospitals and at least 165 outpatient facilities in Connecticut, California, Pennsylvania, and Rhode Island, the company chose to take its national computer system offline on Tuesday according to Nina Kruse, who is a spokesperson for Eastern Connecticut Health Network, owned by Prospect.
Kruse said that as a result of the cyberattack, the hospitals have had to go back to using old-fashioned ways of record keeping, such as using pen and paper instead of computers to input and store information on patients. Read More
Increased Truebot Activity Infects U.S. and Canada Based Networks - Truebot is a botnet that has been used by malicious cyber groups like CL0P Ransomware Gang to collect and exfiltrate information from its target victims. Read More On Patreon | Read On Defcon Alerts.
CISA/FBI/MS-ISAC/CCCS - The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Center for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against organizations in the United States and Canada.
Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers - Cybersecurity and Infrastructure Security Agency (CISA) Joint Cybersecurity Advisory: "From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency." Read More On Patreon | Read More On Defcon Alerts.
Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server.
Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.
Update June 15, 2023:
As of April 2023, forensic analysis conducted at an additional FCEB agency identified exploitation of CVE-2017-9248 in the agency’s IIS server by unattributed APT actors—specifically within the Telerik UI for ASP.NET AJAX DialogHandler component. This specific analysis is provided as context for existing vulnerabilities within Telerik UI for ASP.NET AJAX.
Actions to take today to mitigate malicious cyber activity: Implement a patch management solution to ensure compliance with the latest security patches. Validate output from patch management and vulnerability scanning against running services to check for discrepancies and account for all services. Limit service accounts to the minimum permissions necessary to run services.
CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) to provide IT infrastructure defenders with tactics, techniques, and procedures (TTPs), IOCs, and methods to detect and protect against similar exploitation.
North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media - FBI - "The FBI released a joint CSA with our USG and South Korean partners detailing the operations of Kimsuky cyber actors, a subset of DPRK cyber actors. It outlines warning signs of spearphishing campaigns". Read Full Advisory PDF Document
"North Korean cyber actors are known to conduct spearphishing campaigns posing as real journalists, academics, or other individuals with credible links to North Korean policy circles".
"The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and the Ministry of Foreign Affairs (MOFA), are jointly issuing this advisory to highlight the use of social engineering by the Democratic People’s Republic of Korea (DPRK a.k.a. North Korea) state-sponsored cyber actors to enable computer network exploitation (CNE) globally against individuals employed by research centers and think tanks, academic institutions, and news media organizations.
These North Korean cyber actors are known to conduct spearphishing campaigns posing as real journalists, academics, or other individuals with credible links to North Korean policy circles.
The DPRK employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets".
Chinese "Web Shell" Malware From "Volt Typhoon" Hacker Group Detected In US Infrastructure In Guam And US - GUAM/US - A Chinese hacker group named "Volt Typhoon" injected malware code into telecommunications infrastructure in Guam and other locations within the United States. Read On Patreon | Read On Substack
Volt Typhoon targeted organizations involved in: communications, manufacturing, utility, transportation, construction, maritime, government, information technology, as well as education.
Fake Nuclear Strike Alert Went Out To Russians - A seemingly fake nuclear alert went out warning Russians about a nuclear strike. The alert looks to be a cyber-attack. The graphics are sleek, meant for visual effects, and have fabricated distortion. This is not something you'd likely find in a legitimate broadcast. See All Alerts
UPDATE - Russian Interfax has confirmed it was a "false air raid warning" due to "server hacking". The fake alert told Russians to take anti-radiation (potassium iodide) pills and head to the nearest bomb shelter.
The Russian Emergencies Ministry said that the message was due to a false alarm as a result of a cyberattack. This is the third cyberattack on Russian stations in the past month, but it is the first that gave instructions to Russians to take anti-radiation pills.