AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 5/2/2024

A Lot of People Are Falling for Those ‘Your Package Cannot Be Delivered’ Texts

We all know the “your package has been delayed” texts are bogus, right? Apparently not, according to Akamai, which finds that US Postal Service phishing sites get more traffic some weeks than the actual USPS website. “The USPS is under attack from text scams, especially during holiday seasons of Christmas and Thanksgiving because of the nature of gift buying in these holidays,” Akamai says. Akamai compared traffic to the real USPS website against a host of the most popular fake USPS websites from a number of different domains.

 

NSA guy who tried and failed to spy for Russia gets 262 months in the slammer

A former NSA employee has been sentenced to 262 months in prison for attempting to freelance as a Russian spy. In his trial yesterday, Jareh Sebastian Dalke pleaded guilty to six counts of attempted transmission of top-secret info to a foreign agent as announced by the US Department of Justice. He had worked at the NSA as an information systems security designer for just under a month from June to July 2022, making quick work of the short period by accumulating top secret documents with national defense information (NDI).

 

DBIR: Vulnerability Exploits Triple as Initial Access Point for Data Breaches

The exploitation of vulnerabilities as an initial access step for a breach increased by a staggering 180% between 2022 and 2023. According to Verizon’s 2024 Data Breach Investigations Report (DBIR), published on May 1, this method of gaining unauthorized access leading to a breach accounted for 14% of malicious actors’ way into a network. It is the third most used after credential theft and phishing. This growth is partly due to the exploitation of the MOVEit vulnerability and several other zero-day exploits that ransomware actors used throughout 2024, the report said.

 

Senators grill UnitedHealth CEO on Change Healthcare cyberattack

UnitedHealth Group (UHG) CEO Andrew Witty was on the hot seat May 1 at the Senate Finance Committee. During a mostly cordial two-hour hearing on the Change Healthcare ransomware incident, Witty continually told a bipartisan group of senators what’s become a standard refrain from CEOs following a cyberattack: UHG will offer consumers two years of free credit and identity theft protection. Senate Finance Committee Chairman Ron Wyden, D-Ore., responded to Witty’s repeated offerings of credit support with this barb: “Credit monitoring is the ‘thoughts and prayers’ of data breaches, this is absolutely inefficient.”

 

Microsoft confirms recent Windows security update breaks VPNs, no fix yet

Bad news for those of us quick to click the “update” button: Microsoft has confirmed in its release health dashboard that the suite of April security updates for Windows has broken the functionality of VPN services on the operating system. Microsoft describes the issue as “Windows devices might face VPN connection failures” on the new updates; the wording makes it unclear whether the bug affects all users or only some. Microsoft has not given any updates on when the bug will be fixed or what the reason for it is, but we can rest assured it will solve the problem “in an upcoming release.” The bug affects security updates extended to Windows 10 and 11 releases and various Windows Server releases.
