At a glance.
- Ransomware gangs go back to school.
- US university discloses third-party MOVEit breach.
- Robot vacuums collect more than just dust.
Ransomware gangs go back to school.
As K-12 students across the US engage in back-to-school shopping, ransomware groups are gearing up for the new school year as well. The end of summer break is a popular time for school cyberattacks, and the Cleveland City Schools district, which began its fall semester on August 9, has disclosed that it has already suffered a ransomware attack. District spokesperson Caroline Corrigan stated in a letter addressed to families and administrators, "Our district, like many others nationwide, is dealing with a ransomware incident.” Corrigan said that fortunately only 5% of all devices connected to the network were impacted, and school officials say no student or faculty data were compromised. It also appears that in-person classes will continue as scheduled.
As the Record notes, hackers tend to target schools at pivotal moments of the year, like the start of a new school year, when they know administrators will be even more reliant on technology and under pressure to keep operations running smoothly. Indeed, on Monday one of the largest school districts in the country, Prince George's County Public Schools, announced it had also experienced a cyberattack, and on Thursday the infamous Akira ransomware gang added two primary schools to its list of victims.
US university discloses third-party MOVEit breach.
Higher education institutions are also being targeted this time of year, and administrators at the US college University of Missouri have begun informing the school community that it suffered a potential data breach. The attack is yet another incident linked to a vulnerability in the popular MOVEit file transfer application, which has been exploited in a mass-hack impacting thousands of organizations world-wide.
KFVS 12 reports that Pension Benefit Information, LLC, a third-party subcontractor for several university vendors including the University of Missouri, was the target of the hack, and it’s possible school data were among the files compromised. As the investigation unfolds, current and former students and employees have been advised to be wary of any suspicious activity in their accounts.
Robot vacuums collect more than just dust.
Of all of the internet-connected devices that have become so prevalent in recent years, one would hardly guess that smart vacuums would be a great threat to security, but a recent presentation at the cybersecurity conference DEF CON says otherwise. We Live Security reports that last weekend researcher Dennis Giese gave a talk on preventing your robot vacuum cleaner from sending data back to the vendor. Many of these vacuums are equipped with cameras, which some manufacturers claim are only used to help the little robot effectively hoover up dirt without running into obstacles. They also insist the images are never sent back to the cloud.
However, Giese noted that at least one manufacturer offers a feature that allows the consumer to access the camera remotely so they can watch the vacuum work, indicating that the footage is likely shared through the company’s cloud servers. The bad press around such cameras has led some companies to insist their dust-suckers are equipped with only “optical sensors,” but Giese says this is just clever wordplay. Geise also found that some vacuums certified by reputable testing labs were actually plagued with privacy and security issues that apparently went undetected. Researchers advise consumers to seriously vet these products before allowing them to clean your home, and when in doubt, an old-fashioned broom is clearly the most secure – if tedious – option.
(A question: why would you want to watch your vacuum cleaner work while you’re away from home? Seriously–we’d like to know. If you’re a committed vacuum cleaner spectator, let us know and share your joy. You will have touched us; we will have grown.)