Daily News Update: Saturday, April 5, 2025

4 articles were published in the last 24 hours, covering 3 topics:

China Targets Fired US Govt Workers with Fake Consulting Gigs

  • Chinese intelligence services are reportedly using fake consulting and headhunting firms to recruit recently laid-off US federal employees, leveraging their potential need for new work and access to sensitive information.
  • Researchers at the Foundation for Defense of Democracies (FDD) identified five companies, including Smiao Intelligence (a seemingly legitimate Chinese firm) and four likely fronts (RiverMerge Strategies, Dustrategy, Tsubasa Insight, and Wavemax Innov), posting targeted job ads on platforms like LinkedIn and Craigslist.
  • These front companies often cloned legitimate business websites and used shared infrastructure (like Tencent hosting and a niche Chinese email provider), suggesting a coordinated effort to deceive former government staff into unknowingly engaging with a hostile foreign actor.

The Register | Fired US govt workers, Uncle Xi wants you! – to apply for this fake consulting gig

New 'Defendnot' Tool Bypasses Microsoft Defender

  • A new tool dubbed 'Defendnot' has emerged, capable of disabling Microsoft Defender on Windows systems by registering a fake antivirus product with the Windows Security Center (WSC).
  • The technique exploits an undocumented WSC API that legitimate antivirus software uses to signal its presence and take over real-time protection, causing Windows to automatically disable Defender to prevent conflicts.
  • Defendnot achieves this by injecting a dummy antivirus DLL into a trusted system process (like Taskmgr.exe) to bypass Protected Process Light (PPL) and signature requirements, demonstrating how trusted features can be abused to compromise endpoint security.

Bleeping Computer | New 'Defendnot' tool tricks Windows into disabling Microsoft Defender

Data Privacy Shifts: CFPB Drops Broker Rules, New Zero-Knowledge Location Tech Emerges

  • The US Consumer Financial Protection Bureau (CFPB) has withdrawn its proposed rule that would have reclassified certain data brokers as 'consumer reporting agencies', effectively scrapping plans for stricter regulation on how sensitive personal data is collected and sold.
  • This decision comes despite concerns raised by the CFPB and others about the potential for misuse of broker data by scammers, stalkers, and foreign entities, and follows recent incidents highlighting data broker security failures.
  • Separately, researchers have developed Zero-Knowledge Location Privacy (ZKLP), a novel technique using zk-SNARKs and the Discrete Global Grid System to allow users to cryptographically prove they are within a specific geographical area without revealing their precise location, offering a new approach to privacy-preserving location sharing.

The Register | America’s consumer watchdog drops leash on proposed data broker crackdown
The Register | Boffins devise technique that lets users prove location without giving it away