AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 1/16/2025

Microsoft stops using Bing to trick people into thinking they’re on Google

Microsoft has quietly killed off its spoofed Google UI that it was using to trick Bing users into thinking they were using Google. Earlier this month you could search for “Google” on Bing and get a page that looked a lot like Google, complete with a special search bar, an image resembling a Google Doodle, and even some small text under the search bar just like Google search. As of this week, the misleading UI no longer appears in Bing’s search results for “Google”, just days after it was originally discovered by posters on Reddit. Microsoft’s spoofed Google UI even automatically scrolled down the page slightly to mask its own Bing search bar that appears at the top of search results, in a blatant attempt to trick Bing users into thinking they were on Google.

UnitedHealth hid its Change Healthcare data breach notice for months

Change Healthcare, the UnitedHealth-owned health tech company that lost more than 100 million people’s sensitive health data in a ransomware attack last year, said on Tuesday that the company has “substantially” completed notifying affected individuals about the massive data breach. The February 2024 ransomware attack on Change Healthcare, one of the biggest processors of patient billing in the United States, resulted in months-long outages that disrupted care across the U.S. healthcare system. The data breach also became the largest known theft of medical data in U.S. history. Change Healthcare paid the hackers a ransom with the aim of preventing them from publishing any more of the stolen data, and in exchange, obtained a copy of the stolen data to begin notifying people whose information was taken.

Windows BitLocker bug triggers warnings on devices with TPMs

Microsoft is investigating a bug triggering security alerts on systems with a Trusted Platform Module (TPM) processor after enabling BitLocker. BitLocker is a Windows security feature that encrypts storage drives to prevent data theft or exposure. According to Redmond, it “provides maximum protection” when used with a TPM “to ensure that a device hasn’t been tampered with while the system is offline.” TPMs are dedicated security processors that provide hardware-based security functions and act as trusted hardware components for storing sensitive data, such as encryption keys and various other security credentials.

Hackers use Google Search ads to steal Google Ads accounts

Ironically, cybercriminals now use Google search advertisements to promote phishing sites that steal advertisers’ credentials for the Google Ads platform. The attackers are running ads on Google Search impersonating Google Ads, showing as sponsored results that redirect potential victims to fake login pages hosted on Google Sites but looking like the official Google Ads homepage, where they are asked to log into their accounts. Google Sites is used to host phishing pages because it allows attackers to camouflage their fake ads, given that the URL (sites.google.com) matches Google Ads’ root domain for complete impersonation.

GoDaddy slapped with wet lettuce for years of lax security and ‘several major breaches’

GoDaddy has failed to protect its web-hosting platform with even basic infosec tools and practices since 2018, according to the FTC, but the internet giant won’t face any immediate consequences for its many alleged acts of omission. As one of the world’s largest web-hosting companies, and a registry and registrar with about 82 million domain names in its care, one would assume GoDaddy would be adept at applying software updates and monitoring security-related events in its hosting environment to protect its millions of customers and the visitors to their websites from online threats.

Data From 15,000 Fortinet Firewalls Leaked by Hackers

A hacker group has leaked data associated with roughly 15,000 Fortinet firewalls and an analysis has shown that it was likely obtained back in 2022 through the exploitation of a vulnerability. The hackers who leaked the data are calling themselves Belsen Group and they claim this is their “first official operation”. They announced on January 14 that the data is available for free, saying that it contains IPs, passwords and configurations associated with 15,000 Fortinet devices located around the world. Security researcher Kevin Beaumont has analyzed the leaked files and confirmed that the data is genuine after mapping it to internet-exposed Fortinet devices that are visible on the Shodan search engine.
