Oregon health officials ask public to fill out survey on shellfish in wake of poisoning outbreak
State health officials are asking people who recently harvested or ate any shellfish from the Oregon Coast to complete a survey as part of an investigation of at least 20 illnesses linked to shellfish biotoxins.
On May 28, Oregon Health Authority (OHA) urged people to throw out mussels gathered from beaches between Seal Rock State Park north to the Washington border after cases of paralytic shellfish poisoning (PSP) were reported to the agency. The shellfish were harvested at beaches in Lincoln, Tillamook and Clatsop counties.
Among other symptoms, paralytic shellfish poisoning can paralyze respiratory muscles.
The health authority is now asking people who harvested or ate Oregon shellfish since May 13 to take a short survey to help investigators identify a possible cause of the outbreak and how many people became sick. Responses are secure and confidential, and will help OHA Public Health Division investigators learn more about the sources and size of this outbreak.
Those who already completed an interview with their local public health agency do not need to complete the survey.
On May 23, the Oregon Department of Fish and Wildlife (ODFW) and the Oregon Department of Agriculture (ODA) closed a stretch of Oregon Coast to mussel harvesting from Seal Rock State Park north to Cape Lookout due to high levels of PSP. The mussel harvest closure was extended from Seal Rock State Park north to the Washington border on May 26.
People who experience any symptoms of paralytic shellfish poisoning (PSP) – numbness of the mouth and lips, nausea, vomiting, diarrhea, weakness, and in severe cases, shortness of breath or irregular heartbeat – should immediately contact a health care provider. They can also get advice by calling the Oregon Poison Center at 800-222-1222.
PSP is a foodborne illness caused by eating shellfish contaminated with saxitoxins, naturally occurring biotoxins produced by marine algae. Affected species include scallops, mussels, clams, oysters and cockles, as well as some fish and crabs, according to the Centers for Disease Control and Prevention. There is no antidote for PSP – treatment involves supportive care and, if necessary, respiratory support.
A white male identified only as John Doe 49 is being sought by the FBI for “critical information” in a child sexual exploitation investigation. The agency described the man as between 45 and 65 years old, bald, with a dark goatee. Photo courtesy Federal Bureau of Investigation
Nov. 15 (UPI) — The Federal Bureau of Investigation is seeking the public’s help in identifying a man investigators are seeking to question in connection with a child sexual exploitation case.
The unknown man is identified as “John Doe 49” and is believed to have “critical information” pertaining to the identity of a child victim, the FBI said in a statement issued Thursday.
Investigators released still images from a video of the man which they said was produced on or before July of this year.
John Doe 49 was described as a white male between 45 and 65 years old, bald, with a dark goatee.
He has at least 5 visible tattoos: the word “Dabby” on the right side of his chest, the numeral “197” followed by possible additional unknown text on his left bicep, and additional tattoos on his left and right forearms and right bicep.
Anyone with information about the man is urged to call the FBI’s toll-free tip line at 1-800-CALL-FBI (1-800-225-5324), or to contact a Crimes Against Children Investigator at their local FBI office, or the nearest American Embassy or Consulate.
Members of the public can also submit anonymous tips about John Doe 49 online.
A new ransomware-as-a-service (RaaS) operation is impersonating the legitimate Cicada 3301 organization and has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide.
The new cybercrime operation is named after and uses the same branding as the mysterious 2012-2014 online/real-world game named Cicada 3301 that involved elaborate cryptographic puzzles.
However, there is no connection between the two, and the legitimate project has issued a statement to renounce any affiliation with the threat actors and condemned the ransomware operation’s actions.
“We do not know the identity of the criminals behind these heinous crimes, and are not associated with these groups in any way,” reads the statement from the Cicada 3301 organization.
Launched in early June
The Cicada3301 RaaS first began promoting the operation and recruiting affiliates on June 29, 2024, in a forum post to the ransomware and cybercrime forum known as RAMP.
However, BleepingComputer is aware of Cicada attacks as early as June 6, indicating that the gang was operating independently before trying to recruit affiliates.
Like other ransomware operations, Cicada3301 conducts double-extortion tactics where they breach corporate networks, steal data, and then encrypt devices. The encryption key and threats to leak stolen data are then used as leverage to scare victims into paying a ransom.
The threat actors operate a data leak site that is used as part of their double-extortion scheme.
An analysis of the new malware by Truesec revealed significant overlaps between Cicada3301 and ALPHV/BlackCat, indicating a possible rebrand or a fork created by former ALPHV core team members.
This is based on the fact that:
Both are written in Rust.
Both use the ChaCha20 algorithm for encryption.
Both employ identical VM shutdown and snapshot-wiping commands.
Both use the same user interface command parameters, the same file naming convention, and the same ransom note decryption method.
Both use intermittent encryption on larger files.
For context, ALPHV conducted an exit scam in early March 2024 involving fake claims about an FBI takedown operation after they stole a massive $22 million payment from Change Healthcare from one of their affiliates.
Truesec has also found indications that the Cicada3301 ransomware operation may partner with or make use of the Brutus botnet for initial access to corporate networks. That botnet was previously associated with global-scale VPN brute-forcing activities targeting Cisco, Fortinet, Palo Alto, and SonicWall appliances.
It is worth noting that the Brutus activity was first spotted two weeks after ALPHV shut down operations, so the link between the two groups still stands in terms of timelines.
Yet another threat to VMware ESXi
Cicada3301 is a Rust-based ransomware operation with both Windows and Linux/VMware ESXi encryptors. As part of Truesec’s report, the researchers analyzed the VMware ESXi Linux encryptor for the ransomware operation.
Like BlackCat and other ransomware families, such as RansomHub, a special key must be entered as a command line argument to launch the encryptor. This key is used to decrypt an encrypted JSON blob that contains the configuration that the encryptor will use when encrypting a device.
Truesec says that the encryptor checks for the validity of the key by using it to decrypt the ransom note and, if successful, continues with the rest of the encryption operation.
Its main function (linux_enc) uses the ChaCha20 stream cipher for file encryption and then encrypts the symmetric key used in the process with an RSA key. The encryption keys are generated randomly using the ‘OsRng’ function.
Cicada3301 targets specific file extensions matching documents and media files and checks their size to determine where to apply intermittent encryption (>100MB) and where to encrypt the entire file contents (<100MB).
When encrypting files, the encryptor will append a random seven-character extension to the file name and create ransom notes named ‘RECOVER-[extension]-DATA.txt.’ It should also be noted that BlackCat/ALPHV encryptors also used random seven-character extensions and a ransom note named ‘RECOVER-[extension]-FILES.txt.’
The ransomware’s operators can set a sleep parameter to delay the encryptor’s execution, potentially to evade immediate detection.
A “no_vm_ss” parameter also orders the malware to encrypt VMware ESXi virtual machines without trying to shut them down first.
However, by default, Cicada3301 first uses ESXi’s ‘esxcli’ and ‘vim-cmd’ commands to shut down virtual machines and delete their snapshots before encrypting data.
esxcli --formatter=csv --format-param=fields=="WorldID,DisplayName" vm process list | grep -viE ",()," | awk -F "\"*,\"*" '{system("esxcli vm process kill --type=force --world-id="$1)}' > /dev/null 2>&1;
for i in `vim-cmd vmsvc/getallvms| awk '{print$1}'`;do vim-cmd vmsvc/snapshot.removeall $i & done > /dev/null 2>&1
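A defender-side check built from the indicators described above, as an added example that is not code from Truesec, BleepingComputer or the original article. It flags logged ESXi shell commands matching the VM force-kill and snapshot-wipe commands, and pairs ransom notes with files carrying the same seven-character extension. The log line layout, rule names and sample paths are constructed, and the extension is assumed to be alphanumeric.

```python
import re

# Note names given in the article: RECOVER-[extension]-DATA.txt (Cicada3301)
# and RECOVER-[extension]-FILES.txt (BlackCat/ALPHV). Assumption: the random
# seven-character extension is alphanumeric; the article gives only its length.
NOTE_RE = re.compile(r"^RECOVER-([A-Za-z0-9]{7})-(?:DATA|FILES)\.txt$")

# Fragments of the two command lines quoted in the article.
CMD_RULES = {
    "vm_force_kill": re.compile(r"esxcli\s+vm\s+process\s+kill\s+--type=force"),
    "snapshot_wipe": re.compile(r"vim-cmd\s+vmsvc/snapshot\.removeall"),
}

def scan_commands(log_lines):
    """Return (line_number, rule_name) for every logged command that matches."""
    return [(n, name)
            for n, line in enumerate(log_lines, 1)
            for name, rx in CMD_RULES.items() if rx.search(line)]

def scan_filenames(paths):
    """Map each ransom-note extension to the file names that carry it."""
    names = [p.rsplit("/", 1)[-1] for p in paths]
    found = {}
    for name in names:
        m = NOTE_RE.match(name)
        if m:
            ext = m.group(1)
            found[ext] = sorted(f for f in names if f.endswith("." + ext))
    return found

# Constructed sample data, not taken from a real incident.
SAMPLE_LOG = [
    "2024-01-01T00:00:01Z shell[1001]: [root]: esxcli vm process list",
    "2024-01-01T00:00:05Z shell[1001]: [root]: esxcli vm process kill --type=force --world-id=2101",
    "2024-01-01T00:00:09Z shell[1001]: [root]: vim-cmd vmsvc/snapshot.removeall 7",
    "2024-01-01T00:00:12Z shell[1001]: [root]: vim-cmd vmsvc/getallvms",
]
SAMPLE_FILES = [
    "/vmfs/volumes/ds1/share/report.docx.a1b2c3d",
    "/vmfs/volumes/ds1/share/RECOVER-a1b2c3d-DATA.txt",
    "/vmfs/volumes/ds1/share/RECOVER-notes-DATA.txt",
    "/vmfs/volumes/ds1/share/video.mp4",
]

if __name__ == "__main__":
    for hit in scan_commands(SAMPLE_LOG):
        print("command hit:", hit)
    for ext, files in scan_filenames(SAMPLE_FILES).items():
        print("ransom note extension", ext, "->", files)
```

Administrators also run snapshot removal legitimately, so a snapshot_wipe hit matters most when it appears alongside a forced VM kill or a ransom-note match.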
Cicada3301’s activities and rate of success indicate an experienced actor who knows what they’re doing, further supporting the hypothesis of an ALPHV reboot or at least utilizing affiliates with prior ransomware experience.
The new ransomware’s focus on ESXi environments highlights its strategic design to maximize damage in enterprise environments that many threat actors now target for lucrative profits.
By combining file encryption with the ability to disrupt VM operations and remove recovery options, Cicada3301 ensures a high-impact attack that affects entire networks and infrastructures, maximizing the pressure placed on victims.