Tag Archive for: Don’t

Schools don’t have great cybersecurity, and hackers have caught on : NPR


School cyberattacks are on the rise.

Scott Elder has a pretty typical morning routine. He wakes up at 7 a.m., drinks coffee and feeds the dogs, Bella (a rat terrier) and Spencer (a Chihuahua). But on Jan. 12, 2022, Elder’s routine was interrupted by a concerning phone call.

Elder is the superintendent of Albuquerque Public Schools in New Mexico, and the call came from his district’s IT department, saying they had found some sort of computer virus.

He recalls thinking, “Oh, we’ve got a bug in the system and they found it so they’ll just kill it and we’ll be done, right?”

The bug was in the student records system. So Elder’s IT staff shut that network down. But that meant teachers wouldn’t have access to basic information about the almost 70,000 students enrolled in New Mexico’s largest school district. Educators couldn’t take attendance, wouldn’t know children’s bus routes and were locked out of grading systems.

Meanwhile, IT staff was desperately trying to figure out whether the computer virus had spread to their health records, security system and payroll.

Over the course of the morning, Elder began to understand the enormity of the situation.

“I would say that I went from mildly disturbed at 7 a.m., to very concerned by 9 a.m., to sick to my stomach by noon because I was beginning to realize that this was not a one-day event, that we had a real problem.”

Then came the ransom demand for more than a million dollars.

School systems of every size have been hit by cyberattacks, from urban districts like Los Angeles and Atlanta, to rural districts in Pennsylvania and Illinois. And the problem has been growing.

While it’s hard to know exactly how many K-12 school systems have been targeted by hackers, an analysis by the cybersecurity firm Emsisoft estimates that 45 school districts were attacked in 2022. In 2023, Emsisoft found that number more than doubled, to 108.

“The education sector has been and continues to be very heavily…


Hackers are infecting Macs with malware using calendar invites and meeting links — don’t fall for this


Getting an email with a calendar link for a meeting has become commonplace, but you may want to think twice before clicking on one. That’s because hackers have begun using calendar invites and meeting links to infect unsuspecting users with Mac malware.

As reported by Krebs On Security, cybercriminals are now abusing the popular scheduling tool Calendly in their scams. Like other malware campaigns, this one uses social engineering to find potential targets, but instead of draining their bank accounts, it goes after cryptocurrency.


What Your SSE’s CASBs Don’t Understand


Ten years ago, SaaS data security was not a big concern—since most corporate data was stored in on-prem or homegrown applications. Then, SaaS adoption exploded thanks to improved productivity, lower operational costs and ease of use. Today, SaaS applications are standard across all major verticals and industries worldwide. Every organizational department uses SaaS applications to push business. Moreover, SaaS consumption patterns have evolved over time from internal-only access to collaborative, external access, as well as programmatic, API-based access.

However, early SaaS security solutions called cloud access security brokers (CASB) haven’t evolved alongside the new SaaS era. Initially, CASB solutions offered reverse and forward proxy modes, intended to sit between the end-user’s device and the web to enforce access controls on a network level. While effective in meeting multiple compliance requirement checkboxes and visualizing end-user activity, CASBs in proxy mode don’t understand how SaaS applications work.

Over the years, CASB vendors have introduced secure access service edge (SASE) and zero trust network access (ZTNA) capabilities, eliminating the need for a physical VPN and enabling secure remote access from any network and device. This opened an enormous market for disruption that eventually put SASE at the forefront of leading security vendors.

From there, a new cross-product category emerged to combine ZTNA, CASB and secure web gateway (SWG) into one consolidated offering: security service edge (SSE). Vendors are incentivized to sell as a platform, which makes sense for many reasons (low total cost of ownership, single interface, single support team, single documentation, etc.). Yet this bundle still relies on 10-year-old CASB API technology and, again, doesn’t understand how SaaS applications work.

SSE vendors offer a so-called modern CASB in API mode; however, technological gaps in their implementation and architecture pose significant risks in preventing SaaS application data breaches.

SSE vendors had begun to use the SSL proxy capabilities of SWG in front of SaaS applications to decrypt, inspect and…


NSFW Facebook ads being used to spread dangerous malware — don’t click on these


Hackers have devised a clever new way to trick unsuspecting Facebook users into downloading malware on their computers.

While having your Facebook hacked is bad enough as it is, a new campaign discovered by Bitdefender uses compromised Facebook Business accounts to deliver the NodeStealer malware. 
