1 min

FBI mail server hacked by ethical hacker

An ethical hacker (“white hat”) used an FBI server to send thousands of fake emails to expose a vulnerability

Cyber risks - Security and Stability in Cyberspace - November 24, 2021

On 12 November 2021, an ethical hacker used an authentic FBI email address (eims@ic.fbi.gov) to send tens of thousands of hoax emails that casually hinted at the presence of a botnet on the recipients’ server.

The hacker said he did the hack to expose a vulnerability in the FBI’s system, namely unsecured code in an online portal designed to share information with law enforcement agencies.

The FBI acknowledged that its domain name and address had been used to send fake emails. But the bureau said the hacked server—the Law Enforcement Enterprise Portal (LEEP)—is only used to send notifications to law enforcement agencies and is not part of the FBI’s internal email service.

https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/

[FIC 2023] Trust in Digital Technology: “We Can’t Believe What We See Anymore”

By Stanislas Tarnowski

Social networks, AI, big data: digital technology has upended social structures and undermined what holds them together: trust. How can we redefine it? To answer this question at an FIC plenary ...

16 May 2023

France and Singapore launch AI lab for cyber defense

Headed by the French Ministry of Defense and Singaporean Ministry of Defense, it is part of the SAFARI agreement signed by the two countries in 1997

16 May 2023

European Union publishes list of “very large online platforms” subject to DSA

Starting from August 25, 2023, 19 tech giants will have to comply with significant regulatory requirements concerning data, problematic content and advertising

16 May 2023

The Virtual Global Taskforce worries about Meta’s default encryption

The international organization against online CSAM worries that the default encryption on Facebook and Instagram is hindering their investigations

16 May 2023

No cybersecurity without soldiers

By Cédric Cartau

No battle anywhere has ever been won without soldiers. The fantasy of wars won by drones, remotely controlled with a joystick in one hand and a telephone in the other, just doesn’t stand up ...

15 May 2023

Egypt’s cyberpower ambitions

By Adèle Forveille

President Abdel Fattah el-Sisi wants to make his country the region’s next major digital technology hub. As part of his ambitious “Egypt Vision 2030” development plan, the country ...

Cyber industrial safety

16 May 2023

Future developments for industrial cybersecurity

A recent ABI Research report addresses likely developments in securing ICS

28 April 2023

Canada: Russian cybercriminals allegedly accessed the natural gas network

The information is among the classified U.S. intelligence documents that were recently leaked

26 April 2023

CISA warns of flaws in ICS and SCADA software

Some of these flaws are critical, two have already been exploited, and all are unpatched

06 March 2023

Indian Railways updates their SCADA cybersecurity

Indian Railways is fixing vulnerabilities in its electric train traction power distribution system

14 February 2023

Scottish Water’s £50m cyber security tender

Scotland’s public water operator, considered critical infrastructure, is seeking a cyber partner for three years

20 January 2023

Everchanging cyberthreats in the energy sector

By Fabrice Deblock

APT-type attacks, widely covered hacktivist acts, cybercriminal ransomware… Businesses in the energy sector must grasp the extent of the challenges they face.

Security and Stability in Cyberspace

05 June 2023

Questions raised concerning the cyber component of the Military Programming Law

By Ronan Cotten

Although essential, the handful of measures included in the French Military Programming Law (LPM), designed to strengthen the capacity of the French National Cybersecurity Agency (ANSSI) to detect ...

16 May 2023

Russia pursues its phishing campaign in Ukraine

Google’s TAG takes stock of pro-Russian cyberattacks on Ukrainian territory, particularly against healthcare industry

12 May 2023

The failure of the “Cyber Pearl Harbor” in Ukraine

By Pierre-Yves Baillet

Despite the predictions of many experts, cyberattacks have not played a major, decisive role in how operations have been conducted. However, one year after Russia’s invasion of Ukraine, cyber ...

28 April 2023

Ukraine war: American intelligence is the victim of a major leak

Classified documents have been circulating on social media. They detail the situation of the Ukrainian army, the contours of its future offensive, and many details of Western support to Kyiv

26 April 2023

The European Union is going to set up a “cyber shield”

Made up of five to six SoCs, it should enable faster detection of cyberattacks

26 April 2023

NoName057(16) hits Canada with DDoS attacks

The pro-Russian hacktivists have targeted the sites of critical targets: ports, banks, energy or technology companies, as well as Prime Minister Justin Trudeau

Cybercrime

09 May 2023

[FIC 2023]: Are ransomware gangs just like any other business?

By Xavier Biseul

In recent months, many ransomwares as a service (RaaS) groups have disappeared or scaled back their operations. Their revenues are also lower due to the downturn in cryptocurrencies, their increased ...

28 April 2023

Moritz Körner: “the Pegasus affair is a fully fledged Watergate scandal”

By Stanislas Tarnowski

While setting up instruments to fight cybercrime and protect personal data, the European Union itself is the victim of a massive digital spying affair. However, member States and the Commission show ...

28 April 2023

Western Digital suffers massive leak of sensitive data

Attackers threaten to release 10TB of critical information if a large ransom is not paid

28 April 2023

Moritz Körner on the child sexual abuse EU proposal: “Making a huge Chinese-like surveillance State is not the way we should go”

By Stanislas Tarnowski

The very same European Union that became famous for its high privacy protection level with GDPR sparks controversy with its plan to set up a massive surveillance programme. Moritz Körner, member of ...

26 April 2023

Killnet launches cybercrime school

Russian DDoS attacker wants to share his expertise with cybercriminal trainees

06 March 2023

The FBI’s computer network hit by a cyberattack

The Federal Bureau of Investigation stated that the incident, linked to a child pornography investigation, was isolated and under control

Cyber risks

16 May 2023

Meta issues warning on malware disguised as Generative AI

Cybercriminals are also riding the ChatGPT wave

16 May 2023

A new info stealer targeting macOS devices

Cyble identifies AMOS, an info stealer that specializes in Macs and specifically targets crypto wallets

16 May 2023

Rorschach, aka BabLock: swift, stealthy and sophisticated ransomware

Checkpoint and Group-IB issue warning on new ransomware that simply encrypts data without stealing it

28 April 2023

A phishing email uses a legitimate YouTube address

The attackers hijacked a rarely used feature of the platform to send malicious links

18 April 2023

Cyber Innovation Panorama

The information presented in this panorama was collected from the 81 companies that applied for the award. The award is organized in partnership with Eviden (ex-Atos) and with the support of ...

16 April 2023

[FIC 2023] Usernames and passwords at the heart of cyber threats

By Olivier Cimelière

Now more than ever, hackers’ activities revolve around usernames and passwords. If companies fail to remedy this vulnerability as a priority, their activities could be crippled. This is the key ...

Operational security

29 May 2023

Communicating effectively in the aftermath of a cybercrisis

By Olivier Cimelière

A cyberattack has paralysed your company’s servers. The IT teams have identified the breach and disconnected the affected networks. However, the hackers have already demanded a substantial ...

26 April 2023

Canada: no cybersecurity innovation zone in Gatineau

Private investment was insufficient, says Quebec’s Minister of Economy, Innovation and Energy

24 April 2023

[FIC 2023] CRQ: how to financially quantify cybersecurity risks

By Fabrice Deblock

At a 2023 FIC workshop, C-Risk presented the Factor Analysis Information Risk (FAIR) standard. Here is an overview of this method of quantifying cybersecurity risks and the benefits for companies.

12 April 2023

How to tell If your cybersecurity strategy is outdated

By Zachary Amos

A cybersecurity strategy is an essential framework that tells people how to stay safe from cyberattacks and what to do if they occur. Unfortunately, many enterprises still follow un-updated ...

27 February 2023

The State of Burnout, a growing concern in the cybersecurity industry

By Zachary Amos

There are a few top priorities the cybersecurity industry is focusing on in 2023. Some examples are closing the skills gap, increasing diversity, equity and inclusion, and overcoming ongoing labour ...

20 February 2023

How to raise employees’ awareness of cybersecurity issues and why

By Olivier Cimelière

The number of cyberattacks is increasing but, in many businesses, there is still a persistent feeling that it only happens to others. Is this a dangerous state of denial, a misunderstanding of ...

Antifraud action

16 May 2023

Stolen credit cards: Try2Check shutdown

US authorities seized the servers of the illegal service, which specializes in checking the validity of stolen bank cards, and placed a 10 million dollars bounty on its founder

05 May 2023

[FIC 2023] 4 key issues for surviving in the Wild West of domain names

By Olivier Cimelière

A company’s domain name is one of the primary components of its digital identity and online presence. Paradoxically, it is still one of the most confusing areas to manage due to changing rules, ...

28 April 2023

International police operation brings down Genesis Market

This forum was very popular with cybercriminals as it allowed them to buy and sell bots

08 March 2023

Personal data of 10 million JD Sports customers leaked

Group warns of fraud and phishing risks following this breach

08 March 2023

Africa: Digital identity fraud on the rise

Report on KYC in Africa reveals 28% rise in fraud by 2022

08 March 2023

Fake ChatGPT desktop client spreads a Trojan horse

Cybercriminals take advantage of OpenAI chatbot’s popularity to siphon off login credentials

Digital identity & KYC

16 May 2023

DocuSign launches AI-assisted ID verification

Named “ID Verification for EU Qualified”, compliant with European Union and United Kingdom regulatory requirements, this solution also relies on human approval

26 April 2023

United States: Senate Passes Digital Identity Bill

A Senate committee has validated the Improving Digital Identity Act, which is intended to enable the deployment of a “trusted and interoperable” identity verification solution

08 March 2023

Africa: Digital identity fraud on the rise

Report on KYC in Africa reveals 28% rise in fraud by 2022

08 March 2023

Brussels finalizes European digital identity framework

Adopted by the Committee on Industry, Research and Energy, the text will be submitted to the European Parliament in mid-March 2023

14 February 2023

Canada: a digital identity card for Newfoundland and Labrador

The province’s Minister of Digital Government wants to reduce the amount of information required to prove one’s age or identity

06 January 2023

Digital identity as a national security priority in Morocco

When detailing his priorities for 2023, the Director General of the Moroccan National Security made a point of focusing on digital technology

Digital Sovereignty

31 May 2023

In the face of cybersecurity threats, Europe is getting organised, says Thierry Breton

By Fabrice Deblock

At FIC 2023, the European Commissioner for the Internal Market spoke at a plenary session. He detailed all the measures taken since he took up his role three years ago.

16 May 2023

European Union officializes Cyber Solidarity Act

The European Commission presented regulations detailing the terms of this European “cyber shield”, made up of SOCs

04 May 2023

Web3: a unique geopolitical and strategic occasion for the EU?

By Marc Auxenfants

While the Internet’s third generation marks the end of Europe’s “servitude”, its legal, regulatory and cybersecurity risks and obstacles require concerted operational ...

20 April 2023

[FIC 2023] Cloud : Is Europe Falling Behind?

By Marc Auxenfants

To successfully transform in the face of its competitors, the EU must come together, build a shared ecosystem and shore up its resilience and regulations. But above all, it must believe in its ...

17 April 2023

[FIC 2023] An obstacle course for Europe’s sovereign Cloud

By Stanislas Tarnowski

Despite formidable progress, the European Cloud seems to be struggling in the face of American Big Tech’s overwhelming dominance. The analysis by regulators and cloud and cybersecurity ...

01 March 2023

Cloud services certification: a hard road to harmonisation

By Marc Auxenfants

In a fragmented market dominated by American service providers, ENISA is trying to establish a common certification scheme called the European Cybersecurity Certification Scheme for Cloud Services ...

FBI mail server hacked by ethical hacker

Read also