AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 3/1/2024

UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages

American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. “Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” said Tyler Mason, vice president at UnitedHealth, in a statement to TechCrunch on Thursday. “Our experts are working to address the matter and we are working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Network[s], on this attack against Change Healthcare’s systems. We are actively working to understand the impact to members, patients and customers,” the spokesperson said.


Brave browser launches privacy-focused AI assistant on Android

Brave Software is the next company to jump into AI, announcing a new privacy-preserving AI assistant called “Leo” is rolling out on the Android version of its browser through the latest release, version 1.63. Leo can perform a wide range of tasks, including summarizing webpages or videos, answering questions on given content, translating pages, writing code, creating transcriptions from video or audio clips, and generating written content. Summoning the assistant is as simple as tapping the “star” button when AI features are available. For on-page chat, tap the “” options menu and select “Leo” to get started.


Calendar Meeting Links Used to Spread Mac Malware

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. KrebsOnSecurity recently heard from a reader who works at a startup that is seeking investment for building a new blockchain platform for the Web. The reader spoke on condition that their name not be used in this story, so for the sake of simplicity we’ll call him Doug.


GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories

GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories. “This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you deem the secret safe, bypass the block,” Eric Tooley and Courtney Claessens said. Push protection was first piloted as an opt-in feature in August 2023, although it has been under testing since April 2022. It became generally available in May 2023.



The Hungarian business of the European discount retailer Pepco Group has been the victim of a phishing attack; crooks stole about 15 million euros ($16.3 million). The group operates three distribution lines: Poundland in the United Kingdom, Dealz in the Republic of Ireland and Spain, and Pepco in various European countries. “Pepco Group (“Pepco” or the “Group”) has been the target of a sophisticated fraudulent phishing attack in its Hungarian business,” reads the press release published by the company. “The attack has resulted in a loss of approximately €15.5 million in cash, before any potential recovery. It is unclear at this stage whether the funds can be recovered, although Pepco is pursuing various efforts through its banking partners and the police. At this stage, the incident does not appear to have involved any customer, supplier or colleague information or data.”


Taiwan Military Says Hackers Sold Telecom Giant’s Data on Web

Taiwan’s military said hackers sold data stolen from the island’s biggest telecom company on the internet, the latest challenge to the democratically run island’s cybersecurity. The leaked documents that related to the military didn’t contain confidential information, the Defense Ministry in Taipei said Thursday in response to a query from Bloomberg News. Broadcaster TVBS reported earlier that hackers took sensitive information from Chunghwa Telecom Co. and Taiwanese national security units.

