
SecureFact – Cyber Security News – Week of January 27, 2025

PowerSchool hacker claims they stole data of 62 million students

  • The recent cyberattack on PowerSchool, a major provider of educational software, has led to the alleged theft of personal data from 62.4 million students and 9.5 million teachers.
  • The breach was disclosed on January 7, 2025, after hackers accessed the company’s customer support portal using stolen credentials, allowing them to download sensitive information from various school districts’ databases.
  • The hacker’s extortion demand indicated that data from 6,505 school districts across the U.S., Canada, and other countries was compromised.
  • Notable affected districts include the Toronto District School Board, which had over 1.4 million students impacted, and the Dallas Independent School District, with approximately 787,000 students affected.
  • PowerSchool has stated that while it cannot confirm exact numbers due to ongoing investigations, it believes that fewer than a quarter of the impacted students had their Social Security Numbers exposed.
  • In response to the breach, PowerSchool will offer two years of complimentary identity protection and credit monitoring services to those affected and will notify relevant authorities and stakeholders.

*Source

UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach

  • UnitedHealth Group has confirmed that a significant data breach at Change Healthcare has affected approximately 190 million Americans.
  • The breach, which was disclosed on January 24, 2025, involved unauthorized access to sensitive personal information, including names, addresses, dates of birth, and Social Security numbers.
  • The company stated that they are actively investigating the incident and have implemented measures to enhance security and prevent future breaches.
  • UnitedHealth emphasized their commitment to protecting customer data and will provide updates as more information becomes available.
  • This breach marks one of the largest healthcare-related data compromises in recent history, raising concerns about the security of personal health information across the industry.

*Source

Cloudflare CDN flaw leaks user location data, even through secure chat apps

  • A recently discovered flaw in Cloudflare’s content delivery network (CDN) poses a risk of exposing users’ general location data through secure messaging platforms like Signal and Discord.
  • This vulnerability allows attackers to infer a user’s geographic region by sending them an image, which can trigger a deanonymization attack without any user interaction, making it a zero-click attack.
  • The researcher, Daniel, found that by leveraging a bug in Cloudflare Workers, he could manipulate requests to route through specific data centers.
  • This method enables the attacker to identify the nearest airport code based on the CDN’s response, providing location accuracy within 50 to 300 miles.
  • The flaw is particularly concerning for privacy-sensitive individuals such as journalists and activists, though it could also assist law enforcement in tracking suspects.

*Source

Account Credentials for Security Vendors Found on Dark Web

  • A recent report by Cyble reveals that account credentials from major cybersecurity vendors are being sold on dark web marketplaces, with prices starting as low as $10.
  • The leaked credentials primarily belong to customers but also include alarming numbers from the vendors themselves, exposing sensitive internal accounts related to enterprise and security systems.
  • The report highlights that the credentials were likely harvested through infostealer malware infecting customer devices.
  • Cyble examined leaks from 14 cybersecurity vendors, including CrowdStrike, Palo Alto Networks, and McAfee, noting that all had both customer and internal credentials compromised this year.
  • Notably, McAfee reported over 600 leaks, while CrowdStrike had more than 300.
  • These leaks could potentially allow hackers to conduct reconnaissance on targeted organizations by revealing system information and vulnerabilities.

*Source

HPE Investigates After Alleged Data Breach

  • Hewlett Packard Enterprise (HPE) is currently investigating an alleged data breach that reportedly exposed sensitive customer information.
  • The company has not confirmed the specifics of the breach or the extent of the data compromised.
  • HPE stated that they are working diligently to assess the situation and are collaborating with cybersecurity experts to understand the incident better.
  • The investigation follows claims made by a hacking group that they have obtained HPE data, which they are threatening to release unless a ransom is paid.
  • HPE has reassured its customers that it takes such incidents seriously and is committed to maintaining data security and integrity.
  • As of now, there are no indications of any operational disruptions within HPE’s services, and the company is focused on ensuring that any vulnerabilities are addressed promptly.
  • Further updates will be provided as the investigation unfolds.

*Source