FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food
Original release date: December 16, 2022The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) have released a joint Cybersecurity Advisory (CSA) detailing recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars. The joint CSA analyzes the common tactics, techniques, and procedures (TTPs) utilized by criminal actors to spoof emails and domains to impersonate legitimate employees and order goods that went unpaid and were possibly resold at devalued prices with labeling that lacked industry standard “need-to-knows” (i.e., necessary information about ingredients, allergens, or expiration dates).
For more information, CISA encourages organizations to review the guidance provided by the FBI, FDA OCI, and USDA in joint CSA Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients—whereby businesses are urged “to use a risk-informed analysis to prepare for, mitigate, and respond to cyber incidents and cyber-enabled crime.”
This product is provided subject to this Notification and this Privacy & Use policy.
Samba Releases Security Updates
Original release date: December 16, 2022The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Samba security announcements and apply the necessary updates.
CVE-2022-38023
CVE-2022-37966
CVE-2022-37967
CVE-2022-45141
This product is provided subject to this Notification and this Privacy & Use policy.