At a Glance.
- Update: MOVEit breach of New York public schools.
- Unsolicited, malicious smartwatches are being sent to US military members across the services.
- University of Manchester confirms it was the victim of a cyberattack.
Update: MOVEit breach of New York public schools.
New York Public schools were among those affected by Cl0p’s MOVEit attacks, with nearly 45,000 students and staff having their personal information stolen. The Daily News reports that “Sensitive data about 45,000 New York City public school students — as well as information about staff and school service providers — were compromised in a worldwide cyberattack, city education officials said Friday, June 23rd.”
In a statement sent to News 12, the Bronx, the NYC Department of Education said. “The safety and security of our students and staff, including their personal information and data, is [sic] of the utmost importance for the New York City Department of Education. We recently learned of a security vulnerability in a third-party file-sharing software, MOVEit, which has impacted both private and government customers globally. Working with NYC Cyber Command, we immediately took steps to remediate, and an internal investigation revealed that certain DOE files were affected. Currently, we have no reason to believe there is any ongoing unauthorized access to DOE systems. We will provide impacted members of the DOE community with more information as soon as we are able.” Among the stolen data are social security numbers, names, dates of birth and student and employee IDs.
Unsolicited, malicious smartwatches are being sent to US military members across the services.
Infosecurity Magazine writes that US military members from all services have reported receiving unsolicited smartwatches which have been assessed to have malware and Wi-Fi auto-connect capabilities which allows them to connect to a user’s smartphone without prompting. “Officials have raised concerns that these products may be part of a tactic known as Brushing, which involves sending products, often counterfeit, to unsuspecting individuals in order to generate positive reviews in their name.” Service members who received these smartwatches are being ordered to not turn them on and report the instance immediately to their counterintelligence office. The smartwatches are thought to be able to obtain user data and saved files from the affected smartphone and potentially even banking information.
The brushing effort seems to be targeting service members from all departments of the armed forces. “Junior-enlisted members of the military don’t make a ton of money, so getting a free smartwatch in the mail would certainly be exciting for many,” Rick Holland, a cyber security executive and veteran, told CNN.
University of Manchester confirms it was the victim of a cyberattack.
The Record writes that the University of Manchester confirmed on Friday, June 23rd, that it had indeed been a victim of a cyber attack that resulted in the theft of current and former student information. Though the university hasn’t released exactly how much (or what kind of) information was stolen, it reports “Based on our investigations we believe that a small proportion of data has been copied that relates to some students, and some alumni.” BleepingComputer reported that this comes after the attackers had emailed students from the university claiming they had stolen 7TB of student information. BleepingComputer writes, ”The university said it's collaborating with relevant authorities to investigate the incident, including the Information Commissioner's Office, the National Cyber Security Centre (NCSC), the National Crime Agency, and other regulatory bodies.”