Mathieu Tartare writes: In November 2019, we discovered a new campaign run by the Winnti Group against two Hong Kong universities. We found a new variant of the ShadowPad backdoor, the group’s flagship backdoor, deployed using a new launcher and embedding numerous modules. The Winnti malware was also found at these universities a few weeks…
Category: Education Sector
NYS Comptroller Audit of Sackets Harbor Central School District – Information Technology (2019M-208)
The NYS Comptroller released another school district IT audit this week. I’ve been publishing these audit reports for a number of years now because they pretty much all show significant data security failures in protecting student and/or employee personal and sensitive information or assets. Sackets Harbor Central School District is a small school district. It…
UK: Students got £140,000 from University of East Anglia for private data leak
Bethany Wales reports: The leak in June 2017 saw an email containing confidential details about students’ extenuating circumstances sent to hundreds of their peers. The circumstances, detailed in a spreadsheet, included suicidal thoughts, sexual assault, and serious family illnesses and bereavements. Now, a Freedom of Information request has revealed the university’s insurers paid out a…
Cal Poly’s website gave visitors a surprise: hardcore porn
Monica Vaughan reports: An official Cal Poly website for the San Luis Obispo university’s Orfalea College of Business has all the related links you would expect: course descriptions, career pages, student groups and … porn? For several months, it appears that people who clicked to learn more about a professional student group called Information Systems Association were…
CA: Mountain View High School teachers and administrators forced offline after cyber attacker breaches district
Staff at this student-run publication report: The school collected attendance on paper this morning after an unknown digital attacker breached MVLA digital systems, locking many district teachers and administrators out of their MVLA Microsoft accounts and in some cases, other necessary accounts such as Gmail and Aeries, according to MVHS Principal David Grissom. Grissom said…
IL: District 155 system access ‘limited’ after ransomware attack, no data breach, officials say
Cassie Buchman reports: Access to Crystal Lake Community High School District 155’s information systems currently is limited after its computers were infected with ransomware sometime Friday. Read more on Northwest Herald (subscription required)