A wave of phony emails from an FBI mail server originated from an issue with the agency's Law Enforcement Enterprise Portal.

Dark Reading Staff, Dark Reading

November 15, 2021


The FBI on Saturday responded to a report flagged by Spamhaus of phony emails coming from the agency's actual @ic.fbi.gov domain, calling the incident a result of a software misconfiguration on its Law Enforcement Enterprise Portal (LEEP), from which the FBI communicates with state and local law enforcement.

The emails, which warned of a fake cyberattack, were sent on Nov. 12, and Spamhaus reported early the next morning that the messages indeed were fake: "We have been made aware of 'scary' emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS (the LEEP portal), our research shows that these emails *are* fake," Spamhaus tweeted.

The FBI on Saturday confirmed that the emails came from one of its LEEP servers, which was not part of the agency's corporate email system. "No actor was able to access or compromise any data or [personally identifiable information] on the FBI’s network. Once we learned of the incident, we quickly remediated the software vulnerability, warned partners to disregard the fake emails, and confirmed the integrity of our networks."
