AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 4/23/2024

Three suspected Chinese spies arrested in Germany — caught stealing sensitive tech secrets

Three people suspected of stealing “innovative technologies for military use” for China have been arrested in Germany. Prosecutors say the individuals, referred to as Thomas R, Herwig F, and Ina F, acted for Chinese intelligence from around June 2022 onwards via a company in Dusseldorf. One of the individuals, Thomas R, was allegedly an agent for an employee of China’s Ministry of State Security, according to an ABC News report. These arrests come just a week after German Chancellor Olaf Scholz visited China. During his three-day visit, Scholz pressed China on topics such as support for the wartime Russian economy, intellectual property theft, and fair market access.


UnitedHealth says Change hackers stole health data on ‘substantial proportion of people in America’

Health insurance giant UnitedHealth Group has confirmed that a ransomware attack on its health tech subsidiary Change Healthcare earlier this year resulted in a huge theft of Americans’ private healthcare data. UnitedHealth said in a statement on Monday that a ransomware gang took files containing personal data and protected health information that it says may “cover a substantial proportion of people in America.” The health insurance giant did not say how many Americans are affected but said the data review was “likely to take several months” before the company would begin notifying individuals that their information was stolen in the cyberattack.


Researchers claim Windows Defender can be fooled into deleting databases

Researchers at US/Israeli infosec outfit SafeBreach last Friday discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files. And, they asserted, the hole could remain exploitable – even after both vendors claim to have patched the problem. Speaking at the Black Hat Asia conference in Singapore, SafeBreach’s VP of Security Research Tomer Bar and security researcher Shmuel Cohen explained that Microsoft Defender and Kaspersky’s Endpoint Detection and Response (EDR) can be made to detect false positive indicators of malicious files – and then to delete them. The attack relies on the fact that Microsoft and Kaspersky use byte signatures – unique sequences of bytes in file headers – to detect malware.
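The mechanism described above, a content-based byte signature firing on attacker-controlled bytes that happen to live inside a legitimate file, is easy to reproduce in miniature. The following is an added illustration written for this post; it is not SafeBreach's research code and not how Microsoft or Kaspersky implement their engines. The signature pattern, the detection name and the "scope to file magic, quarantine instead of delete" policy are all constructed assumptions. It builds a real SQLite database whose only suspicious content is a text row an attacker could plant through any ordinary insert, then compares a naive scanner that deletes on any substring hit with one that only acts when the file type matches the signature's target and moves the file to quarantine rather than removing it.

```python
import os
import shutil
import sqlite3
import tempfile

# Constructed signature table (hypothetical; not a real vendor signature).
# name -> (byte pattern to look for, file magic the signature is meant for)
SIGNATURES = {
    "Hypothetical.Dropper.A": (b"HYPOTHETICAL-DROPPER-A-7f3a", b"MZ"),  # PE files only
}


def naive_scan(path):
    """Flag the file if any signature pattern occurs anywhere in it.

    This is the behaviour the SafeBreach talk abuses: file type is ignored,
    so a database row containing the pattern trips the signature."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [name for name, (pattern, _) in SIGNATURES.items() if pattern in data]


def scoped_scan(path):
    """Only count a hit when the file also starts with the magic the
    signature targets (a PE signature should not fire on a SQLite file)."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [name for name, (pattern, magic) in SIGNATURES.items()
            if pattern in data and data.startswith(magic)]


def naive_remediate(path):
    """Delete on any hit: the destructive action the researchers demonstrated."""
    if naive_scan(path):
        os.remove(path)
        return "deleted"
    return "clean"


def safer_remediate(path, quarantine_dir):
    """Scoped match plus quarantine: a false positive is recoverable."""
    if scoped_scan(path):
        os.makedirs(quarantine_dir, exist_ok=True)
        shutil.move(path, os.path.join(quarantine_dir, os.path.basename(path)))
        return "quarantined"
    return "clean"


def build_victim_db(path, attacker_text):
    """Create a legitimate SQLite database with one attacker-supplied text row.
    SQLite stores TEXT values verbatim in its pages, so the bytes land on disk."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    con.execute("INSERT INTO comments (body) VALUES (?)", (attacker_text,))
    con.commit()
    con.close()


def demo():
    """Run both policies against a planted database and a fake PE; return outcomes."""
    pattern = SIGNATURES["Hypothetical.Dropper.A"][0]
    workdir = tempfile.mkdtemp()
    try:
        db_naive = os.path.join(workdir, "app_naive.db")
        db_safer = os.path.join(workdir, "app_safer.db")
        # Constructed attacker input: a comment whose text contains the signature bytes.
        build_victim_db(db_naive, "hello " + pattern.decode())
        build_victim_db(db_safer, "hello " + pattern.decode())

        # Constructed "real" malicious sample: PE magic followed by the pattern.
        pe_path = os.path.join(workdir, "dropper.exe")
        with open(pe_path, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 62 + pattern)

        return {
            "naive_hits_db": naive_scan(db_naive),
            "scoped_hits_db": scoped_scan(db_safer),
            "naive_action_db": naive_remediate(db_naive),      # database is gone
            "safer_action_db": safer_remediate(db_safer, os.path.join(workdir, "q")),
            "scoped_hits_pe": scoped_scan(pe_path),
            "safer_action_pe": safer_remediate(pe_path, os.path.join(workdir, "q")),
        }
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point for defenders is the asymmetry: the naive policy turns any write of attacker-chosen bytes into a write primitive against the scanner's own remediation action, while scoping the signature to the file type it was written for and quarantining instead of deleting limits the blast radius of an inevitable false positive. Real engines use richer context than a leading magic check, but the failure mode is the same whenever a content match alone triggers destruction.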


Malware dev lures child exploiters into honeytrap to extort them

You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn’t make you feel bad for the victims. Since 2012, threat actors have been creating a variety of malware and ransomware that pretend to be government agencies warning infected Windows users that they were viewing CSAM. The malware tells victims they must pay a “penalty” to prevent their information from being sent to law enforcement. One of the first “modern” ransomware operations, called Anti-Child Porn Spam Protection or ACCDFISA, used this extortion tactic combined with initially locking Windows desktops and encrypting files in later versions.


Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

In a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report. In 2023, attackers gained initial access by exploiting vulnerabilities in 38% of intrusions, up six percentage points from 32% the previous year. Mandiant also found phishing’s prevalence declined from 22% of intrusions in 2022 to 17% in 2023. However, it was still the second most common initial access vector assessed by Mandiant.
