@cyberscoop.com
//
A 19-year-old college student from Worcester, Massachusetts, Matthew Lane, has agreed to plead guilty to charges related to a massive cyberattack on PowerSchool, a cloud-based education software provider. The cyberattack involved extorting millions of dollars from PowerSchool in exchange for not leaking the personal data of millions of students and teachers. Lane exploited stolen credentials to gain unauthorized access to PowerSchool's networks, leading to the theft of sensitive student and teacher data.
The data breach is considered one of the largest single breaches of American schoolchildren's data, affecting approximately 62.4 million students and 9.5 million teachers. According to court documents, Lane obtained stolen data from a U.S. telecommunications company before targeting PowerSchool. After the initial victim refused to pay a ransom, Lane allegedly sought to hack another company that would pay. The stolen information included sensitive details like Social Security numbers and academic records. Lane will plead guilty to multiple charges, including cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and aggravated identity theft. The incident has been described by authorities as a serious attack on the economy, with the potential to instill fear in parents regarding the safety of their children's data. This case highlights the increasing risk of cyberattacks targeting educational institutions and the importance of robust cybersecurity measures to protect student and teacher data.
Dissent@DataBreaches.Net
//
Pearson, the global education and publishing giant, has confirmed it suffered a cyberattack resulting in the theft of corporate data and customer information. The breach was discovered by BleepingComputer, who reported that the attackers gained unauthorized access to Pearson's systems. Pearson, a UK-based company, is a major player in academic publishing, digital learning tools, and standardized assessments, serving schools, universities, and individuals across over 70 countries.
Pearson stated that after discovering the unauthorized access, it acted to stop the breach, investigate the incident, and work with forensics experts to ascertain what data was affected. It also supported law enforcement's investigation. Furthermore, Pearson said it has taken steps to deploy additional security measures on its systems, including enhanced security monitoring and authentication. BleepingComputer was tipped off that someone used an exposed GitLab Personal Access token to compromise Pearson’s development environment in January 2025. The token was found in a public .git/config file, and the attackers used this access to find more login credentials hardcoded in the source code, which they then used to infiltrate the company’s network and steal corporate and customer information. The company downplayed the significance of the breach, suggesting the stolen data was largely outdated and referring to it as "legacy data." Pearson has not disclosed the number of individuals affected, nor the specific types of information exposed. It was confirmed that there was no employee information among the stolen files.
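The exposure described above, a token sitting in a `.git/config` file, can be audited for in directory trees you control. The following Python check is an added example, not code from Pearson, BleepingComputer or this page; the function names and sample config are constructed, and it assumes GitLab's default `glpat-` token prefix.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: GitLab personal access tokens carry the default "glpat-" prefix.
GITLAB_PAT = re.compile(r"glpat-[0-9A-Za-z_-]{20,}")
SECTION = re.compile(r"^\[\s*([^\]]+?)\s*\]$")

# Constructed sample config; the token and password are placeholders.
SAMPLE = """[core]
[remote "origin"]
\turl = https://oauth2:{tok}@gitlab.example.com/team/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@gitlab.example.com:team/app.git
[remote "legacy"]
\turl = https://builder:hunter2@git.example.com/old.git
""".format(tok="glpat-" + "x" * 20)

def scan_git_config(text):
    """Return findings for remote URLs in a .git/config body that embed credentials."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() not in ("url", "pushurl"):
            continue
        try:
            parts = urlsplit(value.strip().strip('"'))
        except ValueError:  # malformed URL, nothing to inspect
            continue
        secret = parts.password or ""
        # A token may also sit in the username slot: https://<token>@host/...
        if not secret and GITLAB_PAT.search(parts.username or ""):
            secret = parts.username
        if secret:
            kind = "gitlab-pat" if GITLAB_PAT.search(secret) else "password"
            # Report the location only; never echo the secret into scan output.
            findings.append({"line": lineno, "section": section,
                             "host": parts.hostname, "kind": kind})
    return findings

def scan_tree(root):
    """Scan every .git/config under root (a web root, build artifact or image layer)."""
    hits = {str(p): scan_git_config(p.read_text(errors="replace"))
            for p in Path(root).rglob(".git/config")}
    return {path: found for path, found in hits.items() if found}
```

Any finding means the credential should be revoked and rotated, not just removed from the file, and the remote switched to SSH or a credential helper.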
Pierluigi Paganini@Security Affairs
//
Microsoft has issued a warning regarding a recent password spraying attack targeting the education sector. The tech giant has identified the threat actor behind these attacks as Storm-1977. This group is actively targeting cloud tenants within educational institutions, attempting to gain unauthorized access through compromised credentials.
Storm-1977 employs a Command Line Interface (CLI) tool called AzureChecker.exe in its attacks. This tool is used to retrieve AES-encrypted data from an external server, which contains a list of targets for the password spraying. Additionally, AzureChecker accepts a text file ("accounts.txt") containing username and password combinations. It then uses this information to attempt validation against target tenants. In one successful instance, Storm-1977 exploited a guest account to create a resource group within a compromised subscription. The attackers proceeded to create over 200 containers within this group, using them for illicit cryptocurrency mining. Microsoft advises organizations to secure container deployments and runtimes, monitor Kubernetes API requests, and implement policies to prevent deployments from untrusted registries to mitigate such activities.