Canadian school photography company claims hackers demanded ransom for students’ photos, 82% of phishing sites now aimed at mobile devices and more

We have now reached MORE than 23,630 subscribers! Thanks for your support. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network.

Be sure to read the "My thoughts" section to learn strategies for navigating and combating cyber attacks. I'm here to assist you in avoiding and battling these threats should they ever affect you.

Contact me if you have any questions regarding your enterprise's cybersecurity strategy --> Luigi Tiano.

P.S. We often do giveaways on our company page -->

Canadian school photography company claims hackers demanded ransom for students’ photos?

?

Edge Imaging, a Canadian school photography company, reported a ransomware attack that affected around 3,500 student photos from several Saskatchewan school divisions. The breach was linked to Entourage, the owner of the yearbook software platform Creator Studio Pro, which experienced a cyber incident due to a compromised username and password on its Canadian Amazon Web Services cloud server. While the stolen photos reportedly did not contain personal identifiers, the metadata associated with them could potentially reveal sensitive information about the students and staff. Although some of the stolen files were recovered, the privacy commissioner raised concerns about the ongoing risk of the breach and the possibility of data being sold on the dark web.?

?

My Thoughts: As a Canadian, I find it deeply concerning that our education sector is facing such horrible attacks. It’s alarming that a ransomware group targeted a photography company, holding images of student's hostage. This breach isn’t just about stolen data; it highlights the vulnerability of our children’s information. Canadians should be worried, because of the risks we are facing in our increasingly digital world. It’s unacceptable that our children’s privacy is compromised, and we must act decisively to protect them. ( saskatoon.ctvnews.ca ) ?

Why you need to Invest in cybersecurity and employee training?

?

AutoCanada reported that employee data may have been compromised in a ransomware attack carried out by the Hunters International group in August. Although the company has not detected any fraud targeting those affected, it is notifying individuals of potential risks. The attack led to operational disruptions, requiring the firm to take certain IT systems offline. Hunters International claimed responsibility for the attack, stating they stole terabytes of sensitive data, including employee names, addresses, Social Insurance Numbers, payroll information, and scans of ID documents. In response, AutoCanada is offering impacted individuals three years of identity theft protection and credit monitoring. While the company has implemented measures to enhance cybersecurity, it cannot guarantee that such incidents will not occur in the future. ( bleepingcomputer.com ) ?

??

My Thoughts: This isn’t just about compromised data; it’s about trust and the security of our communities. We help mid-sized businesses protect themselves from these very threats, and it’s crucial for organizations to invest in reliable cybersecurity measures and employee training. There is a strong need for vigilance—everyone involved must recognize the potential risks and take proactive steps to defend against cyberattacks. We can’t let this become the norm; we need to step up our game to safeguard our people and their information. Let’s get in touch.??

?

?

Your mobile device is the new target - 82% of phishing sites now aimed at mobile devices?

?

According to Zimperium’s 2024 zLabs Global Mobile Threat Report, a staggering 82% of phishing sites now target mobile devices. The report highlights that 76% of these sites utilize HTTPS, misleading users into believing they are secure. Additionally, unique malware samples have increased by 13% year-on-year, with riskware and trojans accounting for 80% of the threats. The healthcare sector is the most affected, with 39% of mobile threats originating from phishing attacks. Cybercriminals exploit weak mobile endpoints, using mobile-first strategies to deceive users into revealing sensitive information. The report emphasizes the need for enterprises to adopt a multi-layered security strategy to protect mobile endpoints. ( infosecurity-magazine.com ) ?

??

My Thoughts: With 82% of phishing sites now aimed at mobile devices, it’s clear that cybercriminals are shifting their focus. As a Canadian, it’s alarming to see the healthcare industry hit so hard—our healthcare systems are crucial, and we can’t afford to let them become easy targets.??

??

Organizations must step up their game, especially since many employees rely on mobile devices for work. At Assurance IT, we help mid-sized businesses protect themselves from these rising threats. It’s time for everyone involved to prioritize security measures and stay ahead of these evolving risks. Protect your mobile devices!?

?

We only partner with the best on the market. We have a variety of options, tailored to your needs and organization size.??

?

Have questions about your cybersecurity posture? Let’s chat.?

?

Calendar Link ?

?

Do you have the ChatGPT desktop app on your Mac? Be aware.?

?

A recently patched security vulnerability in OpenAI’s ChatGPT app for macOS, identified as “SpAIware,” could have allowed attackers to implant persistent spyware in the app’s memory. This flaw, which exploited the memory feature introduced in February, could facilitate continuous data exfiltration of user input and responses across chat sessions. The attack relied on indirect prompt injection to manipulate memory and store malicious instructions, enabling ongoing communication with an attacker-controlled server. Following responsible disclosure, OpenAI addressed the issue with an update, but security experts warn users to regularly review and clean up stored memories for suspicious content. ( thehackernews.com ) ?

?

My Thoughts: The idea that spyware could be lurking in an AI tool like ChatGPT is unsettling and highlights the vulnerabilities that can arise with advanced features like memory.? It’s dangerous that users could unknowingly have their information exfiltrated over time, especially when it comes to sensitive conversations dealing with PII. Organizations need to prioritize cybersecurity measures and users need to remain vigilant. Regularly reviewing and managing stored data in apps is essential for ensuring our privacy. As we continue to integrate AI into our daily lives, we must be proactive about understanding the risks and protecting ourselves against potential threats.?

?

Assurance IT can help. We know how it’s done.??

?

?