CyberSecurity news

FlagThis - #education

Carly Page@TechCrunch //

PSEA Data Breach Exposes Personal Information of 500,000 Members - The Pennsylvania State Education Association (PSEA) experienced a data breach in July 2024, exposing the personal information of over 500,000 members.
The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, has announced a significant data breach affecting over 500,000 members. The breach, which occurred in July 2024, resulted in attackers stealing sensitive personal information. PSEA is now notifying the impacted individuals about the incident and the potential risks.

The stolen data includes highly sensitive information, such as government-issued identification documents, Social Security numbers, passport numbers, medical information, and financial data like card numbers with PINs and expiration dates. Member account numbers, PINs, passwords, and security codes were also accessed. PSEA took steps to ensure, to the best of its ability and knowledge, that the stolen data was deleted.

Recommended read:
References :
  • bsky.app: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach.
  • BleepingComputer: The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach.
  • techcrunch.com: US teachers’ union says hackers stole sensitive personal data on over 500,000 members
  • www.bleepingcomputer.com: Pennsylvania education union data breach hit 500,000 people
  • The Register - Security: Attackers swipe data of 500k+ people from Pennsylvania teachers union
  • The DefendOps Diaries: Understanding the PSEA Data Breach: Lessons and Future Prevention
  • : The Pennsylvania State Education Association (PSEA) has sent breach notifications to over 500,000 current and former members
  • Zack Whittaker: Pennsylvania's biggest union for educators had a data breach, exposing over half a million members' personal information.
  • securityaffairs.com: Pennsylvania State Education Association data breach impacts 500,000 individuals
  • Carly Page: The Pennsylvania State Education Association says hackers stole the sensitive personal and financial information of more than half a million of its members.  PSEA said it “took steps†to ensure the stolen data was deleted, suggesting it was the target of a ransomware or data extortion attack, and subsequently paid a ransom demand to the hackers responsible
  • infosec.exchange: NEW: A zero-day provider that exclusively sells to the Russian government is offering up to $4 million for flaws in Telegram. This announcement offers a glimpse into what the Russian government may be especially interested in, and willing to pay (even at a premium), right now. Sources in the industry tell me the prices offered are broadly right.
  • securityaffairs.com: Zero-day broker Operation Zero offers up to $4 million for Telegram exploits
  • techcrunch.com: Russian zero-day seller is offering up to $4 million for Telegram exploits
  • CyberInsider: Cyber Insider article about Russian Zero-Day Firm Offering Record $4 Million for Telegram Exploits
  • www.techradar.com: Data breach at Pennsylvania education union potentially exposes 500,000 victims
Aman Mishra@gbhackers.com //

Google Issues Phishing Warning for Education Sector - Google's Mandiant Threat Intelligence team warned of phishing campaigns targeting higher education institutions, and Google is replacing Gmail’s SMS authentication with QR codes to reduce SMS abuse.
Google, in collaboration with its Mandiant Threat Intelligence team, has issued a warning about a surge in phishing campaigns targeting higher education institutions in the United States. These campaigns, observed since August 2024, have exploited the academic calendar and institutional trust to deceive students, faculty, and staff. The attacks have been linked to a broader campaign dating back to at least October 2022, targeting thousands of users monthly.

The phishing attacks are strategically timed to coincide with key academic events such as the start of the school year and financial aid deadlines. Attackers have tricked victims into revealing sensitive credentials and financial information by leveraging these high-pressure periods. The campaigns employ various tactics, including hosting malicious Google Forms on compromised university domains and cloning university login portals to carry out payment redirection attacks. Google is addressing security concerns surrounding SMS 2FA codes by replacing Gmail’s SMS authentication with QR codes in the coming months.

Recommended read:
References :
  • gbhackers.com: Google, in collaboration with its Mandiant Threat Intelligence team, has issued a warning about a surge in phishing campaigns targeting higher education institutions in the United States.
  • Virus Bulletin: Researchers from Google's Mandiant have observed a notable increase in phishing attacks targeting the education sector. These attacks, timed to coincide with key dates in the academic calendar, exploit trust within academic institutions to deceive students, faculty & staff.
  • Cyber Security News: Google, in collaboration with Mandiant, has issued a warning about a surge in phishing campaigns targeting higher education institutions in the United States.
  • Anonymous ???????? :af:: Mandiant reported a surge in phishing campaigns targeting U.S. universities, exploiting trust to deceive students and staff, with tactics like Google Forms and website cloning, coinciding with key academic dates.
  • be4sec: Is your university prepared for the latest wave of phishing attacks? A recent blog post on Google Cloud dives deep into the concerning increase in phishing campaigns specifically targeting higher education institutions.
@securityonline.info //

Lumma Stealer Targets Education via Weaponized PDFs - Malware campaign distributes Lumma Stealer via weaponized PDF documents, targeting educational institutions by exploiting compromised infrastructure to steal sensitive data, including passwords and cryptocurrency wallet details.
A new malware campaign is underway, distributing the Lumma Stealer information stealer via weaponized PDF documents. This campaign specifically targets educational institutions, exploiting compromised infrastructure to deliver malicious LNK files disguised as legitimate PDFs. These files, when executed, initiate a multi-stage infection process designed to steal sensitive data, including passwords, browser information, and cryptocurrency wallet details.

The attackers lure users into downloading these malicious files by disguising them as innocuous documents, such as school fee structures. Once executed, the LNK files trigger PowerShell commands that download and run obfuscated JavaScript code, ultimately deploying the Lumma Stealer payload. The malware employs advanced evasion techniques, including obfuscated JavaScript and encrypted payloads, to avoid detection.

This campaign highlights the urgent need for robust cybersecurity measures within educational institutions and other sectors. Lumma Stealer targets various industries beyond education, including finance, healthcare, technology, and media. The use of compromised educational infrastructure as a distribution channel underscores the vulnerabilities in organizational cybersecurity frameworks.

Recommended read:
References :
  • gbhackers.com: Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions
  • securityonline.info: Lumma Stealer Malware Campaign Targets Educational Institutions with Deceptive PDF Lures
  • www.cloudsek.com: Lumma Stealer Chronicles: PDF-Themed Campaign Using Compromised Educational Institutions’ Infrastructure
  • gbhackers.com: Weaponized PDFs Deliver Lumma InfoStealer Targeting Educational Institutions
  • Talkback Resources: Lumma Stealer Malware Campaign Targets Educational Institutions with Deceptive PDF Lures [mal]
  • www.silentpush.com: Silent Push recently expanded our research on the “Lumma Stealerâ€� infostealer malware.
@www.bleepingcomputer.com //

Massive Data Breach at PowerSchool - PowerSchool experienced a massive data breach in December 2024, compromising sensitive personal information of students and teachers due to a stolen account credential, with tens of millions potentially impacted.
PowerSchool, a major education software provider, has begun notifying individuals affected by a massive data breach that occurred in late December 2024. The company, which serves over 60 million students, confirmed the breach resulted from a cyberattack where a stolen account credential was used to access their customer support portal. This allowed attackers to exfiltrate significant amounts of sensitive student and teacher data across the U.S. and Canada. The company is currently working to determine the exact number of affected individuals, but reports suggest tens of millions of students and teachers may have been impacted.

The data breach at PowerSchool is considered one of the largest to hit the education sector recently. While the company has started legally required regulatory notifications and filed a data breach notification with Maine's attorney general, they have not released an official total count of affected individuals, citing an ongoing data review process. It is also known that the compromised account lacked multi-factor authentication, raising questions about PowerSchool’s security measures. Investigations are underway, involving CrowdStrike, to fully determine the scope and details of the breach, which is expected to provide additional information.

Recommended read:
References :
  • techcrunch.com: PowerSchool has begun notifying individuals affected by a December 2024 data breach.
  • www.bleepingcomputer.com: Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack.
  • BleepingComputer: Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack.
  • Carly Page: PowerSchool has begun notifying individuals affected by a December 2024 data breach.
@www.bleepingcomputer.com //

PowerSchool Data Breach Impacts Millions - PowerSchool, a provider of education software, experienced a data breach affecting millions of students and educators, with hackers stealing sensitive historical data.
PowerSchool, a major education software provider, has suffered a significant data breach, with hackers claiming to have stolen the personal information of 62.4 million students and 9.5 million teachers. The breach occurred after attackers gained access to the company's PowerSource customer support portal using compromised credentials. This access allowed them to download sensitive data from school districts in the US and Canada, including names, contact information, dates of birth, medical information, and in some cases, Social Security numbers, impacting potentially millions of individuals. The Toronto District School Board, the largest in Canada, was heavily affected, with over 1.48 million student records and 90,000 teacher records exfiltrated.

PowerSchool has reportedly engaged with CyberSteward to negotiate with the hackers and prevent the public release of the stolen data, with one affected school district suggesting that PowerSchool paid a ransom. While PowerSchool is working with CrowdStrike to produce a forensic report on the incident, it has also stated that no Social Security Numbers had been breached. The company has committed to offering free identity protection services to all those affected, although the release of a full forensic report, initially planned for January 17, has been delayed. The breach highlights serious vulnerabilities in the security of educational institutions and the need for stronger protective measures.

Recommended read:
References :
  • www.techradar.com: PowerSchool breach worse than thought, company says 'all' student and teacher data accessed
  • techcrunch.com: Malware stole internal PowerSchool passwords from engineer’s hacked computer
  • Dataconomy: PowerSchool data breach exposed student data from 1985 to 2024
  • oodaloop.com: Students, Educators Impacted by PowerSchool Data Breach
  • techcrunch.com: Toronto school district says 40 years of student data stolen in PowerSchool breach
  • www.bleepingcomputer.com: The PowerSchool hacker claims that they stole personal data of 62.4M students and 9.5M teachers; in a private customer FAQ, PowerSchool said it paid a ransom (Lawrence Abrams/BleepingComputer)
  • ciso2ciso.com: Millions Impacted by PowerSchool Data Breach – Source: www.securityweek.com
  • www.scworld.com: Over 70M purportedly compromised in PowerSchool hack
  • ciso2ciso.com: Millions Impacted by PowerSchool Data Breach

Posts

Blogs

Research Tools