Wednesday, October 15, 2025

PowerSchool Hack


A 19-year-old college student from Massachusetts has been sentenced to four years in prison after pleading guilty to hacking PowerSchool, a software platform used by schools across the United States to manage student information. He gained unauthorized access to the system and stole a massive amount of sensitive data belonging to 60 million students and 9 million teachers, including personal identifiers, medical details, and educational records.

After gaining access, he contacted the company and demanded $2.85 million in Bitcoin (30 bitcoin), threatening to release the stolen data online if his ransom demand was not met.


PowerSchool confirmed that multifactor authentication (MFA) was not enabled on some of its systems at the time of the incident. This admission became a key detail in understanding how he was able to compromise the system so effectively.


https://bit.ly/4hcfhKo


Headlines:


"...He accessed databases belonging to the company PowerSchool that had information on more than 60 million students and nine million teachers."


"Sensitive data, including students’ Social Security numbers, special education status, medical conditions and parental restraining orders, were exposed in the hack, which PowerSchool made public in January."


"Last month, Texas sued PowerSchool, saying the company broke state laws relating to deceptive trade practices and identity theft protection, including by misleading consumers into believing its shoddy security practices were 'state-of-the-art.'

PowerSchool has acknowledged the hack was enabled by the fact that it did not use multifactor authentication."


Friday, September 26, 2025

Flight Delays Across Europe Due To Cyber Attacks


Most of us don’t think much about cybersecurity—until it affects us directly. But the reality is: threats exist whether we’re aware of them or not.


Recently, cyberattacks caused flight delays in airport terminals across Europe. Imagine arriving at the airport, ready for your holiday, only to learn your flight is delayed or even cancelled for hours. Frustrating, right?


https://bit.ly/4pH2hjL


Headlines:

"Several of the largest airports in Europe, including London Heathrow, have been trying to restore normal operations over the past few days after an attack on Friday disrupted automatic check-in and boarding software.


The problem stemmed from Collins Aerospace, a software provider that works with several airlines across the world."


"Airports in Brussels, Dublin and Berlin have also experienced delays. While kiosks and bag-drop machines have been offline, airline staff have instead relied on manual processing."


"A spokesperson for Brussels airport said Collins Aerospace had not yet confirmed the system was secure again. On Monday, 40 of its 277 departing flights and 23 of its 277 arriving services were cancelled."

Monday, September 1, 2025

China's Salt Typhoon Cyberspies Continue Their Years-long Hacking Campaign


Be highly alert to China-based APT threat actors like Salt Typhoon (and to the others too).

If you use any of the following products, DO patch them immediately:

Ivanti Connect Secure and Ivanti Policy Secure: CVE-2024-21887 & CVE-2023-46805.

Palo Alto Networks PAN-OS GlobalProtect: CVE-2024-3400

Cisco Internetworking Operating System (IOS) XE: CVE-2023-20273 & CVE-2023-20198

Cisco IOS and IOS XE: CVE-2023-20198 & CVE-2018-0171


https://bit.ly/4n3jIZA


"...Brett Leatherman (FBI Assistant Director) told media outlets that Salt Typhoon targeted more than 600 organizations across 80 countries."


"The international coalition also called out three China-based entities affiliated with Salt Typhoon – Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology – that it accused of providing cyber products and services to China's Ministry of State Security and People's Liberation Army."


"In addition to the four US agencies (FBI, CISA, National Security Agency, and Department of Defense Cyber Crime Center), the UK's National Cyber Security Centre plus government agencies in Australia, Canada, New Zealand, the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain also co-issued the security alert."


"'In addition to targeting telecommunications, reported targeting of hospitality and transportation by this actor could be used to closely surveil individuals,' he said. 'Information from these sectors can be used to develop a full picture of who someone is talking to, where they are, and where they are going.'"

Tuesday, July 1, 2025

Cyber Criminals Target African Financial Institutions Using Open Source Tools


Palo Alto Networks Unit 42 has uncovered a sophisticated threat campaign, CL-CRI-1014, that’s been quietly targeting financial institutions across Africa since mid-2023. What’s striking about this campaign is not just the tooling, but the strategy.

Instead of using custom malware, the attackers rely on publicly available and open-source tools — commonly used by IT admins and red team members. They then go a step further: forging digital file signatures to make malicious payloads look like legitimate software from trusted vendors.

This allows them to:

  • Bypass basic endpoint defenses

  • Maintain long-term access without triggering alerts

  • Blend in with legitimate traffic and processes

This is yet another sign that attackers are moving away from complex malware and toward abusing what’s already in the environment. And with trust in file signatures being exploited, traditional security signals are no longer enough.

Lessons Learned:

  1. Trust can be weaponized – even signed and open-source tools can be abused.

  2. Initial access isn’t always loud – attackers may dwell silently before selling access.

  3. Detection must go deeper – beyond file signatures, focus on behavior and persistence.

  4. Open-source ≠ risk-free – validate and monitor every tool in your environment.

  5. Assume visibility gaps exist – prioritize collecting security data from devices and network traffic.


Monday, June 16, 2025

Interpol Targets Infostealers

Contrary to popular belief, the cyber world isn’t always a place where the bad guys win. When nations work together, even the most elusive cybercriminals can be brought to justice. The fight against cybercrime is not a one-country job—it requires global coordination, shared intelligence, and strong commitment from all sides.

Interpol’s recent “Operation Secure” is a prime example of how international cooperation can lead to real, measurable results. This operation, which ran from January to April 2025, focused on cracking down on infostealer malware operations across Asia. As a result, authorities arrested 32 individuals in different countries, seized 41 servers, and took down around 20,000 malicious IP addresses and domains.

I was most impressed by how many countries joined forces—26 in total took part in this operation. As digital threats continue to grow in complexity and scale, we need more of these joint operations. It’s a reminder that by standing together, sharing resources, and acting decisively, we can disrupt the criminal networks that thrive in the shadows of the internet.


https://bit.ly/4kNU5va