FBI Shuts Down BreachForums

The FBI has seized the notorious BreachForums hacking forum, a platform used to leak and sell stolen corporate data to cybercriminals. The website, which was taken down on May 15, now displays a message indicating that the FBI has taken control of the site and its backend data, including email addresses, IP addresses, and private messages of its members. The seizure is a significant blow to the cybercriminal community, and the FBI is requesting victims and individuals to come forward with information about the hacking forum and its members to aid in their investigation. The move comes after the site was used to leak data stolen from various breaches and marks a major crackdown on cybercrime.

Cyber Trust Label Program Targets Year-End Launch

The White House is pushing to have consumer devices bearing a cybersecurity trust label on store shelves by the end of the year. The U.S. Cyber Trust Mark program, approved by the FCC, aims to help consumers understand the security of everyday devices and incentivize manufacturers to include baseline digital defenses. According to Anne Neuberger, Deputy National Security Adviser for Cyber and Emerging Technologies, a "large swath of companies" have already signed up to have their products tested by accredited labs, with the federal government poised to "prime the pump" a signal to manufacturers that will be a large purchaser of "Certified" devices. The goal is to make secure devices the norm, driving down the number of threats and making them more defensible.

Windows Quick Assist Abused in Black Basta Ransomware Attacks

Microsoft has been investigating a social engineering campaign where financially motivated cybercriminals abuse the Windows Quick Assist feature to deploy Black Basta ransomware payloads on victims' networks. The attackers email bomb targets, then impersonate Microsoft support or IT staff to trick victims into granting access to their devices using Quick Assist. Once granted, they download malicious payloads, including Qakbot, Cobalt Strike, and eventually deploy Black Basta ransomware. To block these attacks, Microsoft advises blocking or uninstalling Quick Assist and similar tools if not used, and training employees to recognize tech support scams. Victims should only allow connections from trusted sources and disconnect any suspicious Quick Assist sessions. Black Basta ransomware has breached over 500 organizations, including healthcare and critical infrastructure providers, and has collected at least $100 million in ransom payments.

Washington DC Metro Website Down for Two Hours Due to Cyberattack

A cyberattack took down Metro's website, WMATA.com, for two hours on May 7, with targeted DDoS attack that overwhelmed WMATA's servers. According to cybersecurity expert Steve McKeon, the hackers aimed to overwhelm the system, like "trying to put more water through a hose than it can handle." Metro stated that none of its customer or employee data was compromised, and services like the SmarTrip app and mobile transactions were not impacted. McKeon advises Metro to thoroughly check its IT systems, as this could be a red herring to attack other systems in the organization. The Transportation Security Administration (TSA), Federal Transit Administration, and Cybersecurity and Infrastructure Security Agency have been notified.