Information Technology Security Awareness Posts

PayPal Fined for Cybersecurity Failures Exposing Customer Social Security Numbers

PayPal has been fined $2 million by the New York State Department of Financial Services for cybersecurity failures that exposed customers' Social Security numbers. The breach, lasting seven weeks, stemmed from inadequate security measures, including the lack of multifactor authentication. In response, PayPal has implemented stronger security protocols. This case highlights the growing regulatory scrutiny over financial institutions' data protection practices.

By Cybersecurity Team on January 26, 2025

AIDS Vaccine Non-Profit Suffers Hacker Attack

The International AIDS Vaccine Initiative (IAVI) recently suffered a cyber attack, leading to the theft of sensitive data. The breach, which went undetected for several days, prompted an investigation revealing potential compromise of human resources data. IAVI is offering identity protection services to affected individuals and advises vigilant monitoring of financial statements and credit reports.

By Cybersecurity Team on January 26, 2025

LinkedIn Faces Lawsuit Over Private Messages Used for AI Training

LinkedIn is facing a class-action lawsuit over allegations that it used private messages to train AI models without user consent. The lawsuit accuses LinkedIn of violating data privacy laws and breach of contract. This case highlights the growing concerns over how companies handle user data and the need for transparency in privacy policies.

By Cybersecurity Team on January 25, 2025

PowerSchool Data Breach: What You Need to Know

PowerSchool, a major provider of K-12 education technology, suffered a data breach exposing student and teacher information from over 6,500 school districts. The breach compromised names, Social Security numbers, medical records, and academic data. PowerSchool has taken action by notifying authorities and offering identity protection services. Affected individuals should monitor their accounts and stay alert for potential fraud.

By Cybersecurity Team on January 24, 2025

Vulnerabilities in LTE and 5G: A Security Risk Analysis

The transition to 5G brings faster speeds and improved connectivity, but also introduces critical security vulnerabilities. Recent research highlights flaws in LTE and 5G networks that can enable unauthorized access, data interception, and large-scale service disruptions. Weak authentication, backward compatibility, and software vulnerabilities contribute to these risks. Strengthening encryption, real-time monitoring, and securing supply chains are essential to mitigating these threats.

By Cybersecurity Team on January 24, 2025

Trump Administration Eliminates DHS Advisory Committees

The Trump administration has disbanded all DHS advisory committees, including the Cyber Safety Review Board, citing the need to eliminate resource misuse and streamline operations. This move raises concerns about cybersecurity oversight and national security preparedness. Critics warn that dissolving expert panels could weaken the government’s ability to respond to evolving threats, while supporters argue it reduces bureaucratic inefficiencies.

By Cybersecurity Team on January 22, 2025

Former CIA Analyst Pleads Guilty to Leaking Top-Secret Information

A former CIA analyst, Asif William Rahman, has pleaded guilty to unlawfully retaining and leaking top-secret national defense information. He accessed and printed classified documents, later sharing them with unauthorized individuals. Among the leaked data were Israel’s military plans against Iran, which surfaced online. Rahman, arrested in Cambodia, faces up to 10 years in prison per count, highlighting the severe consequences of insider threats to national security.

By Cybersecurity Team on January 22, 2025

Hackers Exploit Zero-Day in cnPilot Routers

Hackers are exploiting a zero-day vulnerability in Cambium Networks' cnPilot routers to deploy the AIRASHI botnet, enabling large-scale DDoS attacks. The botnet, an evolution of AISURU, utilizes advanced encryption and multiple attack vectors, including weak passwords and known exploits. Security experts recommend updating firmware, changing default credentials, and disabling unnecessary remote access to mitigate risks.

By Cybersecurity Team on January 22, 2025

Unsecured Tunneling Protocols Expose 4.2 Million Hosts

Recent research reveals that over 4.2 million internet hosts, including VPNs and routers, are vulnerable due to insecure tunneling protocols. Attackers can exploit these weaknesses to launch DoS attacks, infiltrate networks, and anonymize malicious activities. Organizations must implement IPsec, traffic filtering, and restrict tunneling access to prevent exploitation and safeguard critical infrastructure.

By Cybersecurity Team on January 20, 2025

Ransomware Exploits Amazon S3 Encryption to Lock Data

A new ransomware attack is targeting Amazon S3 buckets, exploiting AWS's Server-Side Encryption with Customer Provided Keys (SSE-C). Attackers encrypt stored data using their own keys, making recovery impossible without payment. Organizations must secure AWS credentials, enforce least privilege access, and monitor suspicious activity to prevent unauthorized encryption and protect critical cloud data.