AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 1/3/2024

Teen Found Alive After “Cyber-Kidnapping” Incident 

A Chinese foreign exchange student has been found alive and well by Utah police after being caught up in what authorities are claiming to be a “cyber-kidnapping” case. Kai Zhuang, 17, was reported on December 28 by his parents in China as having been kidnapped, according to ABC4 Utah. They had apparently received a ransom photo of Zhuang and subsequently sent the extortionists $80,000. Police later found him “alive but very cold and scared” in a tent in a mountainous area around 30 miles north, near Brigham City. 


US water utilities targeted by foreign hackers, prompting calls for cybersecurity overhaul 

The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the new $18.5 million one it is building. Then it — along with several other water utilities — was struck by what federal authorities say are Iranian-backed hackers targeting a piece of equipment specifically because it was Israeli-made. 


After ransomware claims, Xerox says subsidiary hit with cyberattack 

Xerox said a subsidiary is dealing with a cyberattack that may have involved the theft of personal information. Last week a ransomware gang named INC claimed it attacked the company — which earned over $7 billion in 2022 from selling printers in more than 160 countries. When asked about the claims, a spokesperson for Xerox directed Recorded Future News to a statement that confirmed the company was dealing with a cybersecurity incident. 


Defunct Ambulance Service Data Breach Impacts Nearly 1 Million People 

Fallon Ambulance Services, a now-defunct ambulance service and subsidiary of Transformative Healthcare that covered the greater Boston area in the United States, was targeted by a ransomware attack that exposed the data of nearly a million people. According to the breach notification submitted to the Maine Attorney General, around 911,757 individuals nationwide, including 20,486 Maine residents, have been affected by the attack, which occurred on 17 February 2023 and was discovered on 21 April 2023. The perpetrator accessed a server containing patient information, which the company claims was stored to “comply with legal obligations.” Fallon Ambulance Services had ceased operations in December 2022. However, in April 2023, Transformative detected suspicious activity within its data storage archive from late February 2023 to late April 2023.


Pornhub blocks North Carolina and Montana as porn regulation spreads 

Pornhub has restricted access in two more states in protest of continued nationwide state-level efforts to regulate online access to porn. 404Media reported that residents in both North Carolina and Montana visiting Pornhub and other Aylo-owned sites like Redtube or Brazzers are now greeted by a video of performer Cherie DeVille, and a handful of paragraphs, telling them their states are now blocked. Aylo began blocking access in the states last week, according to reporting from multiple outlets including The Fayetteville Observer and KRTV in Great Falls, Montana. 


First American Financial confirms threat actors stole and encrypted data 

First American Financial said the threat actors behind a previously disclosed Dec. 20 cyberattack accessed and stole non-production systems company data, which was later encrypted, according to an amended 8-K filing on Friday with the Securities and Exchange Commission. First American said the incident is contained and the company is in the process of restoring access to its systems and resuming normal business operations, according to the filing.  
