Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Latest News

Google Navigates EU Regulatory Pressure With Search Policy Shift

  A growing regulatory backlash against search ranking practices has forced Alphabet's Google to reevaluate portions of its spam enforce...

All the recent news you need to know
ShinyHunters
Academic Network Security Canvas cyberattack Data Breach Education Sector Security Phishing Threats Ransomware Attack ShinyHunters

Ransomware Attack Disrupts Grading Platform Used by LBUSD Cal State and LBCC


 

A cyberattack linked to the ShinyHunters extortion group temporarily disrupted educational operations across a number of educational institutions in the United States, causing concern over the potential exposure of sensitive student and faculty data. These institutions continued to restore access to Canvas this week. Although several universities and school districts have been able to resume normal access following recovery efforts coordinated by Canvas parent company Instructure, the incident continues to affect portions of the education sector. 

Administrators have assessed the broader impacts of the breach and reviewed claims regarding the compromise of data belonging to hundreds of millions of platform users around the world. After the incident was triggered on Thursday, teachers and students at Long Beach Unified School District, California State University Long Beach and Long Beach City College were suddenly unable to access Canvas, the cloud-based platform widely used for coursework, grades, assignments and internal communication, the operational impact of the incident became more apparent. 

According to district officials, they were informed earlier this week that Instructure, the company which provides Canvas, had discovered that certain user-identifying information related to customer environments had been accessed without authorization. In spite of the company's initial assertion that the incident had been contained and that core platform operations continued, educators later reported that login attempts redirected users to ransom-style messages allegedly associated with the ShinyHunters cybercriminal group upon attempting to log in.

Apparently, the notice instructed affected institutions to engage a cyber advisory firm and negotiate payment terms before a specified deadline otherwise compromised data could be exposed to the public. Despite the fact that the full extent of the intrusion is still under investigation, notifications sent to campus users indicate that names, email addresses, institutional identification numbers, and confidential communications may have been compromised. 

A response from Instructure was that portions of the platform environment had been disabled, the underlying vulnerability had been rectified, digital forensic specialists were engaged, and federal authorities, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, were coordinated. 

A significant number of academic institutions are experiencing the disruption at the same time, with final examinations at California State University Long Beach rapidly approaching. Since Canvas serves as the primary repository for instructional content, coursework, and student records, several educators have described the outage as operationally disrupting, even though some teachers have been able to maintain continuity by using externally hosted materials and collaboration tools through Google. 

Cybersecurity experts caution that, while the current incident has mainly disrupted colleges and universities, K-12 institutions have also faced repeated operational and data security challenges related to attacks against the education technology infrastructure. Researchers referred to the Los Angeles Unified School District cyberattack of 2022, when a ransomware-related intrusion disabled critical district systems over Labor Day weekend, disrupting internal communication, attendance tracking, and classroom instruction. 

Approximately 2,000 student assessment records, together with additional sensitive information, including driver’s license numbers and Social Security numbers accumulated over multiple years, were later published on the dark web as a result of the incident. Recovery efforts lasted for weeks during which administrative and technical staff restored systems and coordinated password resets for over 600,000 user accounts.

According to security researchers, incidents associated with platforms such as Canvas can create long-term phishing and social engineering risks even after services have been restored. A Norton security analyst, Luis Corrons, emphasized that information exposed by the company includes names, institutional email addresses, student identification numbers, and internal academic communications, which could provide threat actors with the necessary context to create highly convincing phishing campaigns impersonating legitimate school notifications regarding grades, coursework, financial aid, and password resets.

In addition to Anton Dahbura's concerns, the executive director of the Johns Hopkins University Information Security Institute advised institutions that residual risk may continue to exist after platform access has been restored, and cautioned against operating under this assumption. According to Dahbura, colleges and universities should encourage students and employees to change their passwords, review authentication tokens, and audit integrations with third-party platforms connected to Canvas environments. 

Likewise, colleges and universities should keep a close eye on follow-on phishing activity targeting them. Further, he emphasized that higher education is increasingly reliant on a single instructional platform, which represents a systemic risk as a whole. He advised academic institutions to develop resilience plans, implement additional security controls, and develop alternative instructional workflows that can support continuity during prolonged service interruptions. 

A centralized cloud-based learning infrastructure in the educational sector has further increased the cybersecurity vulnerability of the sector. As a result of a single third party platform compromise, thousands of academic institutions may be disrupted simultaneously if a single compromise occurs.

A continuing forensic investigation and recovery effort will require security teams on affected campuses to focus on credential protection, phishing monitoring, and access-review procedures, while assessing the degree of integration instructional platforms, such as Canvas, have made with broader institutional networks.
Read more »
Water Plant
Critical Infrastructure Cyber Attacks Poland U.S. Threat Water Plant

Poland Water Plant Hacks Expose Growing Cyber Threat to U.S. Infrastructure

 

Poland has revealed a troubling series of cyberattacks against water treatment plants, underscoring how vulnerable critical infrastructure can become when basic security is neglected. According to reporting on the incident, hackers breached industrial control systems at five facilities and, in some cases, gained the ability to change operational settings that affect pumps, alarms, and treatment equipment. 

The most alarming part of the case is not only that the intrusions happened, but that the attackers were able to move beyond simple access and potentially influence the treatment process itself. That raises the stakes from data theft or disruption to a direct public safety concern, because water systems depend on precise controls to keep supply safe and stable.

Investigators say the entry points were surprisingly basic: weak passwords and systems exposed directly to the internet. Those are avoidable failures, which makes the incident more frustrating for defenders and more attractive to attackers looking for easy ways into high-value targets. The fact that the affected facilities were part of essential municipal infrastructure shows how a small security gap can become a large civic risk. 

The timing matters because Poland’s experience fits a broader pattern of hostile activity against critical infrastructure across Europe and beyond. Polish authorities have linked parts of the campaign to Russian-aligned threat actors, describing the attacks as part of a wider effort to destabilize public services and test national resilience. Whether the goal is espionage, sabotage, or intimidation, water plants are now clearly on the list of targets. 

The United States faces a similar danger. American water utilities have repeatedly drawn warnings from federal agencies, and public reports have shown that many systems still rely on outdated controls, weak access policies, and insecure remote connections. Regulators have also warned that unprotected human-machine interfaces can let unauthorized users view or adjust real-time settings, which is exactly the kind of weakness attackers look for.

The lesson is simple: water security is no longer just an engineering issue, but a cybersecurity priority. Utilities need stronger passwords, network segmentation, tighter remote access controls, and continuous monitoring of industrial systems. If governments and operators do not treat water plants as critical digital assets, the next successful breach could do more than interrupt service; it could threaten public trust in something people depend on every day.
Read more »
virus
Antivirus malware ransomware spyware trojans virus

Virus, Malware, or Spyware? Here’s What They Really Mean

 




Many people casually refer to every cyber threat as a “virus,” but cybersecurity professionals use a much broader classification system. A security program that only defended against traditional computer viruses would offer very limited protection today because viruses represent just one form of malicious software. Modern antivirus platforms are designed to detect and block many different categories of malware, including ransomware, spyware, trojans, credential stealers, rootkits, and bot-driven attacks.

Traditional computer viruses have also become less common than they once were. Most modern cybercriminal groups are financially motivated and prefer attacks that generate revenue rather than simple disruption or digital vandalism. Spyware operators profit from stolen personal information, banking trojans attempt to drain financial accounts directly, and ransomware gangs demand cryptocurrency payments from victims in exchange for restoring encrypted files. Because current security tools already defend against a wide range of malicious software, most users do not usually need to distinguish one malware family from another during day-to-day use.

At the same time, understanding these terms still matters. News reports about cyberattacks, data breaches, espionage campaigns, and ransomware incidents often contain technical language that can confuse readers unfamiliar with cybersecurity terminology. Knowing how different forms of malware behave makes it easier to understand how attacks spread, what damage they cause, and why security researchers classify them differently.

A traditional virus spreads when a user unknowingly launches an infected application or boots a compromised storage device such as a USB drive. Viruses generally try to remain unnoticed because their ability to spread depends on avoiding detection long enough to infect additional files, programs, or devices. In many cases, the malicious payload activates only after a specific date, time, or triggering condition. Earlier generations of viruses often focused on deleting files, corrupting systems, or displaying disruptive messages for attention. Modern variants are more likely to steal information quietly or help conduct distributed denial-of-service attacks that overwhelm online services with massive volumes of internet traffic.

Worms share some similarities with viruses but spread differently because they do not necessarily require users to open infected files. Instead, worms automatically replicate themselves across connected systems and networks. One of the earliest examples, the Morris worm of 1988, was originally intended as an experiment to measure the size of the developing internet. However, its aggressive self-replication consumed enormous amounts of bandwidth and disrupted numerous systems despite not being intentionally designed to cause widespread destruction.

Trojan malware takes its name from the ancient Greek story of the Trojan Horse because it disguises malicious code inside software that appears safe or useful. A trojan may present itself as a game, utility, browser tool, mobile application, or software installer while secretly performing harmful actions in the background. These threats often spread when users unknowingly download, share, or install infected files. Banking trojans are particularly dangerous because they can manipulate online financial transactions or steal login credentials directly. Other trojans harvest personal information that can later be sold through underground cybercrime marketplaces.

Some malware categories are defined less by how they spread and more by what they are designed to do. Spyware, for example, focuses on monitoring victims and collecting sensitive information without consent. These programs may capture passwords, browsing histories, financial information, or login credentials. More invasive forms of spyware can activate webcams or microphones to observe victims directly. A related category known as stalkerware is frequently installed on smartphones to monitor calls, messages, locations, and online activity. Because surveillance-focused malware has become increasingly common, many modern security products now include dedicated spyware protection features.

Adware primarily generates unwanted advertisements on infected devices. In some cases, these advertisements are targeted using data gathered through spyware-related tracking techniques. Aggressive adware infections can become so intrusive that they interfere with normal computer use by flooding browsers, redirecting searches, or constantly displaying pop-up windows.

Rootkits are designed to hide malicious activity from operating systems and security software. They manipulate how the system reports files, processes, or registry information so infected components remain invisible during scans. When security software requests a list of files or registry entries, the rootkit can alter the response before it is displayed, effectively concealing the malware’s presence from the user and from defensive tools.

Bot malware usually operates silently in the background and may not visibly damage a computer at first. Instead, infected devices become part of remotely controlled botnets managed by attackers sometimes referred to as bot herders. Once connected to the botnet, systems can receive commands to send spam emails, participate in coordinated cyberattacks, or overwhelm websites with malicious traffic. This arrangement also helps attackers hide their own infrastructure behind thousands of compromised machines.

Cryptojacking malware secretly hijacks a device’s processing power to mine cryptocurrencies such as Bitcoin. Although these infections may not directly destroy data, they can severely slow systems, increase electricity usage, drain battery life, and contribute to overheating problems because of constant processor strain.

The malware ecosystem also includes droppers, which are small programs designed specifically to install additional malicious software onto infected systems. Droppers often operate quietly to avoid attracting attention while continuously delivering new malware payloads. Some receive instructions remotely from attackers regarding which malicious programs should be installed. Cybercriminal operators running these distribution systems may even receive payment from other malware developers for spreading their software.

Ransomware remains one of the most financially damaging forms of cybercrime. In most attacks, the malware encrypts documents, databases, or entire systems and demands payment in exchange for a decryption key. Security software is generally expected to detect ransomware alongside other malware categories, but many cybersecurity professionals still recommend additional dedicated ransomware defenses because the consequences of missing a single attack can be devastating. Hospitals, schools, businesses, and government organizations around the world have all experienced major operational disruptions linked to ransomware campaigns.

Not every program claiming to improve cybersecurity protection is legitimate. Fake antivirus products, commonly called scareware, are designed to frighten users with fabricated infection warnings and pressure them into paying for unnecessary or malicious software. At best, these programs provide no meaningful protection. At worst, they introduce additional security risks or steal financial information entered during payment. Many scareware campaigns rely on alarming pop-ups and fake scan results to manipulate victims psychologically.

Identifying fake security products has become increasingly difficult because many now imitate legitimate software convincingly. Cybersecurity experts generally recommend checking trusted reviews and downloading security tools only from reputable vendors or established sources. Fraudulent review websites also exist, making careful verification especially important before installing security software.

Modern malware rarely fits neatly into a single category. One malicious program may spread like a virus, steal information like spyware, and hide itself using rootkit techniques simultaneously. Likewise, modern security solutions rely on multiple defensive layers rather than antivirus scanning alone. Comprehensive security suites may include firewalls that block network-based attacks, spam filters that intercept malicious email attachments, phishing protection systems, and virtual private networks that help secure internet traffic. Some VPN services, however, restrict advanced features behind additional subscription payments.

The term “malware” ultimately serves as a broad label covering every type of software intentionally created to harm systems, steal information, spy on users, disrupt operations, or provide unauthorized access. Industry organizations such as Anti-Malware Testing Standards Organization often prefer the term “anti-malware” because it reflects the wider range of threats modern security tools must address. However, most consumers remain more familiar with the word “antivirus,” which continues to dominate the industry despite the changing nature of cyber threats.

Understanding these distinctions does not require becoming a cybersecurity specialist, but it does help people recognize how varied modern digital threats have become. From ransomware and spyware to botnets and credential-stealing trojans, malicious software now exists in many different forms, each designed for a specific purpose within the broader cybercrime economy.

Read more »
Suparna Sharma
Anand RK Cyber Fraud cyber fraud India Digital Arrest Scam illustrated journalism online scams Suparna Sharma

Pulitzer-Winning Journalists Expose the Human Cost and Hidden Network Behind Digital Arrest Scams

 

Digital arrest scams in India are rapidly expanding by exploiting fear, trust, and emotional vulnerability. Pulitzer-winning journalists Suparna Sharma and Anand RK recently shed light on this growing menace through their acclaimed Bloomberg illustrated investigation, Trapped.

In an interaction with The Federal, the duo discussed how visual storytelling can strengthen journalism, the psychological manipulation behind digital arrest scams, and why many educated young Indians are getting drawn into cybercrime networks amid rising unemployment and economic pressure.

Rise of Illustrated Journalism

Speaking about Trapped, Sharma explained that journalism today must focus not only on strong reporting but also on engaging presentation styles, especially for younger audiences with shrinking attention spans. According to her, illustrated journalism makes complicated subjects easier to understand and more immersive for readers.

She humorously admitted that creating the project made the team “a little kuku” because of the intense effort involved. However, she maintained that innovative storytelling methods are essential for connecting with audiences who consume information quickly through scrolling and swiping.

Sharma said journalists now need to adapt to a generation that decides everything “in one second”, adding that experimentation in storytelling is necessary because young readers will eventually shape the nation’s future.

Reporting Rooted in Reality

Anand RK explained that the illustrations in Trapped were built on extensive field reporting rather than imagination alone. Even before the script was completed, the team visited Lucknow to closely observe the victim’s surroundings and gather visual references.

He said the reporters also accessed photographs from inside the victim’s home to ensure the visuals remained authentic and grounded in reality.

At the same time, Anand RK highlighted that illustrated journalism allows creative freedom that traditional documentaries often cannot achieve. For instance, when the victim was bombarded with fake legal notices on her phone, the team depicted her standing before a massive flood of documents — a symbolic representation that amplified the emotional impact of the scene.

Trust Became the Victim’s Weakness

The story revolves around neurologist Dr Ruchika Tandon, who became a victim of a digital arrest scam despite being highly educated and professionally accomplished.

Sharma described Tandon as intelligent and successful, but not particularly comfortable with digital technology. She revealed that the doctor was still using a Nokia keypad phone when the fraudsters first contacted her.

According to Sharma, the scammers even persuaded Tandon to purchase a smartphone to continue the operation. The journalist stressed that the victim’s downfall stemmed not from ignorance, but from trust and honesty.

Sharma explained that Tandon belonged to a generation that took pride in following rules and staying away from legal trouble. During the fake “digital arrest”, the scammers instructed her to isolate herself and falsely claim illness at work. However, Tandon reportedly resisted because she did not want to lie.

Recalling the incident, Sharma said the doctor repeatedly insisted that she had “never lied” in her life. She described Tandon as “a beautiful, simple, brilliant woman who just trusts people”.

The journalists also investigated the organised ecosystem operating behind these cyber frauds. Anand RK said the team initially wanted to present the story from the perspectives of scammers and law enforcement officials as well, because ending the narrative with the victim’s financial loss alone felt incomplete.

Sharma revealed that the investigation took the team to states such as Odisha and Bihar, where they met individuals linked to different departments within scam operations. She compared the system to a corporate setup with specialised divisions handling separate functions.

Among those connected to the network were former employees of HSBC, Axis Bank, and Bandhan Bank. The journalists also encountered a highly educated woman allegedly responsible for converting stolen money into cryptocurrency through peer-to-peer systems. Scammers reportedly referred to her as the “P2P aunty”.

Sharma explained that many digital arrest scams ultimately end with money being converted into cryptocurrency, making it difficult for authorities to trace the transactions. The reporters additionally found links to a former Aadhaar centre operator and an ex-Indian Navy employee within the scam network.

Sharma argued that rising unemployment and growing aspirations among India’s youth are contributing factors behind the rise of cybercrime.

According to her, many young people were promised opportunities and prosperity in a “New India”, but economic realities have failed to match those expectations. She believes scam networks are taking advantage of this frustration and desperation.

The journalist recounted the story of a scammer from a Mumbai slum who previously worked for Reliance Jio for Rs 13,000 a month despite holding an MCom degree and multiple diplomas. The man later moved to Cambodia, where he reportedly earned between Rs 60,000 and Rs 80,000 monthly at a scam operation.

Sharma remarked that India was effectively “exporting scammers”.

The discussion concluded with both journalists expressing hope that the recognition received by Trapped would help spread awareness about cyber fraud and digital arrest scams across the country.

Read more »
Token Theft
AI AI Economy Crypto Technology Token Pilfering Token Theft

Token Pilfering: How Token Theft is Plaguing Cybersecurity


AI economy and computing threat

The rising AI economy is bringing a new type of cybercrime. Cybercriminals are scamming AI firms by signing up for new accounts to steal tokens via computing power. The problem is getting worse, according to Patrick Collison, CEO of payment behemoth Stripe. The token hackers now amount for one in every six new customer subscriptions.

Token pilfering

Experts said that the threat actors steal the tokens to later sell them on the dark web. ‘Token pilfering’ has plagued the cybersecurity world and is becoming quite expensive for AI startups to give free trials to potential customers.

Startups attacked for money

It is not new for hackers to attack startups. With the AI economy rising, it has created fractures for hackers because with traditional software trials, a registration for an AI firm brings valuable tokens for compute power that hackers can sell later.

The token theft

The most neglected subject in AI is token theft. Because they are using tokens at machine speed, these attackers can swiftly accrue enormous consumption bills that they never plan to pay and burn inference costs. This is one of the most frightening aspects of that.

In order to use the tokens for purposes unrelated to what the company is delivering or to resell them, token theft sometimes involves thieves creating many accounts at an AI company and across multiple firms. They always vanish after using up all of the tokens; Sands compared this swindle to those who "dine and dash" at restaurants.

Attack tactic

The problem surfaces as the crooks use agents to steal the tokens in minutes. Unlike a traditional software company, the cybercrime happens too fast for the organization to address the issue.

It is hell for AI firms who want to give out free trials to get more new users. Typically, it costs nothing for a firm to give out free trials on a temporary basis, but for AI firms, the customer-acquisition costs can go up to $500 due to scammers abusing the startup policies of giving out free tokens for trial accounts.

Token epidemic

The token epidemic has created problems for startups. Few have stopped free trials, but it has affected their growth as it shuts down the opportunities to get new customers.

Luckily, one solution exists. According to Stripe, there exists a product called Radar that works as a default fraud detector in the credit card payment network, adapts tools, and helps clients find and block token fraud.

Read more »
Worm Infection
Credential Stealer Linux Shell malware PCPJack Worm Worm Infection

PCPJack Worm Steals Cloud Credentials While Wiping Out TeamPCP Infections

 

A new malware framework called PCPJack is drawing attention because it not only steals credentials from exposed cloud systems but also wipes out traces of TeamPCP infections before taking over the environment. The campaign shows how one criminal group can piggyback on another group’s compromised infrastructure to expand access, harvest secrets, and monetize stolen data. 

PCPJack begins with a Linux shell script that creates a hidden workspace, installs Python dependencies, downloads extra modules, sets up persistence, and launches an orchestrator that manages the infection. During that startup sequence, it actively searches for TeamPCP processes, services, files, containers, and persistence artifacts, then removes them so its own payload can operate without interference. That behavior makes the malware unusually aggressive even by cloud-threat standards. 

Once inside a host, the framework focuses on credential theft across cloud, container, developer, productivity, and financial services. Reported targets include SSH keys, environment files, tokens, Docker and Kubernetes secrets, WordPress configs, and logins for services such as AWS, Slack, GitHub, OpenAI, Anthropic, Discord, and Office 365. Researchers also noted that the malware exfiltrates data to Telegram after encrypting it and splitting it into small chunks to fit message limits. 

The worm-like spread is what makes PCPJack especially dangerous in exposed cloud environments. It is built to move laterally, search for additional systems, and exploit vulnerable web applications and services such as Docker, Kubernetes, Redis, MongoDB, RayML, and other internet-facing infrastructure. It does not appear to rely on cryptomining, which suggests the main motive is stolen-access monetization through fraud, spam, extortion, or credential resale.

Organizations can reduce risk by hardening cloud access and secrets management, enforcing MFA, and limiting exposure of Docker, Kubernetes, and web applications. Security teams should also monitor for unusual shell-script activity, hidden directories, unexpected persistence, and outbound traffic to attacker-controlled messaging channels. In practice, PCPJack is a reminder that cloud intrusions are increasingly iterative, with one attacker cleaning up another’s mess only to create a new one.
Read more »
Subscribe to: Posts (Atom)

Featured