BleepingComputer reports that brokerage firms and brokers across the U.S. have been warned by the Financial Industry Regulatory Authority regarding an active phishing campaign that spoofs the regulator's officials, in an effort to obtain sensitive data.
FINRA said that various domains impersonating its official sites — including finrar-reporting[.]org, finpro-finrar[.]org, gateway2-finra[.]org — were used to send the phishing messages.
"The email asks the recipient to click a link to 'view request' and provide information to 'complete' that request, noting that 'late submission may attract penalties'," FINRA said in its notice.
FINRA urged for immediate notification of any incident involving the clicking of links or images in the phishing emails.
Threat actors registered the domains through Hosting Concepts B.V. and NameCheap registrars on August 12. The Internet domain registrar has been sought to suspend services for the domains prior to the release of the FINRA alert.
FINRA issued a warning regarding a similar phishing campaign in June.
Gigabyte has released BIOS updates aimed at removing a firmware backdoor discovered by Eclypsium in over 270 of its motherboard models, which could have been exploited to facilitate the deployment of a Windows binary that would then prompt payload retrieval and execution, SecurityWeek reports.
Attacks exploiting a zero-day in the MOVEit Transfer file transfer app to compromise various servers and facilitate data exfiltration efforts have been admitted by the Clop ransomware operation, also known as Lace Tempest, TA505, and FIN11, after the intrusions have been attributed to the group by Microsoft, reports BleepingComputer.