#hackandleak — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #hackandleak, aggregated by home.social.
-
RE: https://infosec.exchange/@amvinfe/116567370386921171
I realize my view on whether it is ever okay to pay #ransom in a #hackandleak situation is contentious. Great thanks to @amvinfe for asking me to articulate my views. #incidentresponse #mitigation #responsibility #ethics
-
I'm not sure I understand why people are trying to research what schools use Canvas. ShinyHunters provided a list of all of the schools that were caught up in this attack:
https://databreaches.net/wp-content/uploads/Claimed-Victims-of-Canvas-Cyber-Incident.txt
That list has 8,809 entities listed.
It's not the entire universe of schools that use Canvas, but it's probably an accurate list of the schools that may be affected. A sample list ShinyHunters provided for my earlier report on this incident showed filesizes for: communication_channels.csv.gz, conversation_messages.csv.gz, conversations.csv.gz, and users.csv.gz. There were about 7,780 schools in that sample.
And yeah, hang on to your Tox because Session is closing in July, it seems.
#Instructure #Canvas #ShinyHunters #hackandleak #EduSec #databreach
-
OK, so it seems that #ShinyHunters breached #Instructure again and replaced login pages with their own message to schools about how to contact them directly.
The Canvas login pages were replaced with the message in the screenshot below.
Canvas subsequently replaced the login with "under maintenance" pages.
-
@funnymonkey Thanks for the kind words.
Someone commented on my Instructure post with a comment as "Sysadmin." They wrote:
"Are you effin kidding me! We got an Email from Instructure saying we were impacted and now we have to inform all the students and families in our district.
Why do these ShinyHunters keep attacking the edtech sector?? PowerSchool, infinite campus and now this.
It’s only a Sunday night and law enforcement has still done nothing about these hackers. Regulators really need to hold these companies accountable for poor security practices."
They raise valid points.
#edtech #EduSec #cybersecurity #vendor #supplychain #databreach #hackandleak
-
The NYS Department of Financial Services announced that they settled charges against Delta Dental Insurance Co. and Delta Dental of New York stemming from the 2023 Clop/MOVEit data breach.
The state's investigation found that Delta had violated NYS cybersecurity regs in a number of ways.
Delta has agreed to pay $2.25 million, none of which can be paid by their insurers and they can accept any reimbursement for the payment from any source.
I wonder how many other MOVEit customers who do business in New York are also dealing with NYSDFS.
#databreach #hackandleak #supplychain #0day #DeltaDental #MOVEit #Clop #NYSDFS
-
This won't be the end of this controversy, but a California court did not dismiss claims against Bain Capital over the PowerSchool data breach. In considering the timeline and the private equity firm's actions before and after its acquisition of PowerSchool in 2024, the court noted, in part:
"Post-closing, Bain directed PowerSchool to offshore cybersecurity, engineering, and IT functions to contractors, including offshoring required data-management tools that enabled vendors to bypass consent protocols and access protected school district computers directly.
Bain failed to assess data-breach risks from the offshoring it directed.
Post-closing, Bain directed layoffs of at least 5% of PowerSchool’s workforce, including critical domestic IT staff."
Read more from Womble Bond Dickinson at https://www.womblebonddickinson.com/us/insights/alerts/unprecedented-private-equity-firm-potentially-hook-portfolio-companys-data-breach
h/t, JDSupra, The National Law Review
#EdTech #Liability #negligence #PowerSchool #BainCapital #hackandleak
-
Another #EdTech vendor has allegedly fallen prey to #ShinyHunters in yet another Salesforce-related hack-and-leak incident.
Follett Software markets Aspen, Destiny, and Classroom Library Manager software to schools.
The threat actors claim to have acquired 4 million records with PII and other corporate files, and have given Follett until May 4 to contact them.
Because this is Salesforce related, there may actually be very little identifiable information about students or personnel in the customer support data, unless district or school personnel gave students' names or details in seeking help with the software or specific problems.
I guess we'll find out soon.
-
NEW by me:
Silent Ransom Group leaked another big law firm: Orrick, Herrington & Sutcliffe
Silent Ransom Group shared the chat logs of the negotiations with me and also provided some additional details:
@campuscodi @jgreig @aj_vicens
#databreach #HackAndLeak #cybersec
#SilentRansomGroup #SRG #dataleak #Orrick #LawFirmSec