
FBI warns of time-traveling hackers
Cybercriminals always find new ways to scam you, whether it's mimicking a government agency, creating a fake website or delivering malware disguised as a software update. Just when you think you've seen it all, they come up with a new trick.
This time, the FBI has issued an alert: Hackers are using a "time-traveling" technique to bypass your device's security measures. No, we're not talking about actual time travel (though wouldn't that be something?). This is a sophisticated cyberattack where hackers manipulate a system's internal clock to sneak past security defenses.
The concept of "time-traveling hackers" refers not to literal time travel but to a sophisticated cyberattack technique where hackers manipulate a system's internal clock to bypass security measures. This attack is reportedly tied to the Medusa ransomware gang.
In this type of attack, hackers exploit expired security certificates by altering the system date on a targeted device to a time when those certificates were still valid. For example, a security certificate that expired in, say, 2020 could be made usable again if the system's clock is set back to 2019. This allows malicious software signed with these outdated certificates to be recognized as legitimate by the system, effectively "traveling back in time" from a security perspective.
This technique was notably used in the Medusa ransomware attacks, which targeted critical infrastructure and prompted an FBI cybersecurity advisory (AA25-071A) earlier in 2025. The campaign has affected over 300 critical infrastructure targets. The attackers combined this method with social engineering and exploited unpatched vulnerabilities, amplifying the threat.
The FBI has warned that such attacks pose a significant risk, as they can disable modern security protections like Windows Defender by tricking the system into accepting outdated drivers or software.
1) Use strong antivirus software: A strong antivirus isn't just for catching old-school viruses anymore. It can detect phishing links, block malicious downloads and stop ransomware before it gets a foothold. Since the Medusa gang uses fake updates and social engineering to trick users, having strong antivirus software adds a critical layer of protection against threats you might not see coming.
2) Enable two-factor authentication (2FA): The FBI specifically recommends enabling 2FA across all services, especially for high-value targets like webmail accounts, VPNs and remote access tools. 2FA makes it significantly harder for attackers to break in, even if they've managed to steal your username and password through phishing or other tactics.
3) Use strong, unique passwords: Many ransomware groups, including Medusa, rely on reused or weak passwords to gain access. Using a strong password (think long, random and unique to each account) greatly reduces that risk. A password manager can help you generate and store complex passwords so you don't have to remember them all yourself.
4) Monitor for suspicious system time changes: The core of this "time-traveling" attack is clock manipulation: Hackers roll back a device's clock to a time when expired security certificates were still valid. This allows outdated and potentially malicious software to appear trustworthy. Be alert to unexpected system time changes, and if you're managing an organization, use tools that flag and log these types of configuration shifts.
5) Keep systems updated and patch known vulnerabilities: The Medusa ransomware campaign has a track record of exploiting unpatched systems. That means old software, outdated drivers and ignored security updates can all become entry points. Regularly installing updates for your OS, applications and drivers is one of the most effective ways to stay protected. Don't put off those system notifications; they exist for a reason.
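For organizations acting on tip 4, here is a minimal sketch of the kind of check a log pipeline can run. It is an added example, not code from the FBI advisory or from this article. The records are constructed and shaped like Windows Security event 4616 ("The system time was changed"); the host names, users, paths and the 24-hour threshold are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records, shaped like Windows Security event 4616
# ("The system time was changed"). Hosts, users and paths are made up.
SAMPLE_EVENTS = [
    {"host": "ws-014", "user": "LOCAL SERVICE",
     "process": r"C:\Windows\System32\svchost.exe",
     "previous": "2025-03-10T08:15:02.120", "new": "2025-03-10T08:15:02.870"},
    {"host": "srv-db2", "user": "svc-backup",
     "process": r"C:\Users\Public\setup.exe",
     "previous": "2025-03-11T02:41:10.000", "new": "2019-06-01T00:00:00.000"},
    {"host": "ws-022", "user": "alice",
     "process": r"C:\Windows\System32\SystemSettingsAdminFlows.exe",
     "previous": "2025-03-12T09:00:00.000", "new": "2025-03-12T10:00:00.000"},
]

# Assumption: routine time-sync corrections stay well under this threshold.
MAX_BACKWARD = timedelta(hours=24)


def find_rollbacks(events, max_backward=MAX_BACKWARD):
    """Return alerts for clock changes that move time back past the threshold."""
    alerts = []
    for ev in events:
        previous = datetime.fromisoformat(ev["previous"])
        new = datetime.fromisoformat(ev["new"])
        rolled_back = previous - new  # positive when the clock went backwards
        if rolled_back > max_backward:
            alerts.append({
                "host": ev["host"],
                "user": ev["user"],
                "process": ev["process"],
                "rolled_back_days": rolled_back.days,
                "new_year": new.year,
            })
    return alerts


if __name__ == "__main__":
    for a in find_rollbacks(SAMPLE_EVENTS):
        print(f"ALERT {a['host']}: clock set back {a['rolled_back_days']} days "
              f"to {a['new_year']} by {a['process']} ({a['user']})")
```

Small sync corrections and forward changes pass through; only the multi-year rollback is reported, along with the process that made the change so a responder can see what set the clock.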
The Medusa attack is a good example of how cybercriminals are shifting tactics. Instead of relying on traditional methods like brute force or obvious exploits, they are targeting the basic logic that systems depend on to function. In this case, it is something as simple as the system clock. This kind of strategy challenges the way we think about security. It is not just about building stronger defenses but also about questioning the default assumptions built into the technology we use every day.
How do you think technology companies can better support individual users in protecting their data and devices? Let us know by writing us at Cyberguy.com/Contact.
Copyright 2025 CyberGuy.com. All rights reserved.
