SecureFact - Cyber Security News - Week of March 10, 2025
Data Breaches
1. Data breach at Japanese telecom giant NTT hits 18,000 companies
NTT Communications Corporation, a Japanese telecommunications giant, has announced a data breach affecting nearly 18,000 corporate clients. The breach, discovered in early February 2025, involved unauthorized access to its "Order Information Distribution System." The compromised data includes customer names, contact details, contract numbers, and service usage information. NTT believes the attackers initially breached the system around February 5th, and while access was blocked swiftly, a secondary breach was detected on February 15th. The company has contained the threat and has stated that individual notifications will not be sent to affected customers, instead relying on a public announcement. This incident follows a DDoS attack in January 2025 and a data breach in May 2020, highlighting ongoing cybersecurity challenges for the company.
2. Chicago Public Schools warns families of data breach including student information
Chicago Public Schools (CPS) is alerting families to a data breach affecting current and former students dating back to the 2017-2018 school year. The breach occurred due to a cyberattack on Cleo, a file transfer service used by CPS. The data accessed includes student names and birthdays. CPS assures that no Social Security numbers, financial information, or health data were compromised, and no staff information was involved. There's currently no evidence suggesting misuse of the stolen student data. CPS is collaborating with investigators.
3. Hackers leak sensitive data from elite Bronx private school after ransomware attack
Riverdale Country School, an elite private school in the Bronx, had sensitive data leaked by the RansomHub hacking group after a ransomware attack. The group, which infiltrated the school's computer system, published 42 GB of stolen data on the darknet, including personal information of students, parents, and faculty such as contact details and medical information. Cybersecurity experts believe the school did not meet the group's ransom demands, as the data was posted after a five-day countdown. The school declined to comment. Experts warn against paying ransoms, as it encourages further criminal activity and there is no guarantee the data will be deleted. This attack is part of a growing trend of cyberattacks targeting schools, with a recent attack on PowerSchool, a school information system, affecting schools nationwide.
4. US charges Chinese hackers linked to critical infrastructure breaches
The U.S. Justice Department has charged Chinese state security officers, along with hackers from APT27 and i-Soon, for breaches and cyberattacks targeting victims worldwide since 2011. Victims include U.S. federal and state agencies, foreign ministries, U.S.-based dissidents, and a religious organization. i-Soon hackers, acting at the direction of China's MPS and MSS, conducted intrusions and sold stolen data, charging between $10,000 and $75,000 per compromised email inbox. The DOJ charged two MPS officers and eight i-Soon employees and seized i-Soon's domain. The State Department is offering up to $10 million for information on the defendants. Hackers Yin Kecheng and Zhou Shuai, linked to APT27, were also charged for exploiting vulnerabilities and stealing data from numerous U.S. organizations, including tech companies and government entities. The Treasury Department sanctioned them, and the State Department offered rewards of up to $2 million for information leading to their arrests. These actions are part of a broader effort to combat cyberattacks by Chinese cybercriminals and state-sponsored hackers.
5. Toronto Zoo shares update on last year's ransomware attack
The Toronto Zoo has released details about a ransomware attack from January 2024, revealing that personal and financial data of employees (past and present), volunteers, and donors was compromised. The exposed information includes names, addresses, phone numbers, email addresses, and the last four digits of credit card numbers with expiration dates for transactions between January 2022 and April 2023. The attack affected guests and members who made general admission and membership purchases from 2000 to April 2023. The zoo has reported the breach to the Ontario privacy commissioner and advises affected individuals to monitor their financial accounts. The Akira ransomware group has claimed responsibility, leaking 35 GB of the alleged 133 GB of stolen data, including NDAs, personal files such as driver's licenses, and animal information. Akira, active since March 2023, has claimed over 300 victims and had received approximately $42 million in ransom payments as of April 2024.
6. Employee screening data breach exposes 3.3 million records
DISA Global Solutions, an employee screening company serving over 55,000 businesses, including a third of Fortune 500 companies, suffered a data breach that exposed the sensitive information of 3.3 million individuals. The breach began in February 2024 but went undetected for over two months. Compromised data includes Social Security numbers, financial account details, driver's licenses, and other government-issued IDs, likely collected during background checks and drug tests. DISA is offering affected individuals 12 months of free credit monitoring, but the incident raises concerns about the company's cybersecurity measures and response time, as notification took 10 months. Experts recommend that individuals monitor their financial accounts, enroll in credit monitoring, place fraud alerts or credit freezes, be wary of phishing attempts, install strong antivirus software, and consider data removal services.
Malware and Vulnerability
1. Newly Exploited Vulnerabilities Target Cisco, Microsoft, and More – CISA Warns
CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding five actively exploited vulnerabilities affecting Cisco routers, Hitachi Vantara's Pentaho Business Analytics Server, Microsoft Windows, and Progress Software's WhatsUp Gold. CISA emphasizes the importance of patching these vulnerabilities to mitigate risks of data breaches and system compromise. Organizations should monitor software, apply security patches promptly, and proactively identify potential vulnerabilities.
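A practical way to act on a KEV update like the one above is to match the catalog's machine-readable feed against your own asset inventory and track CISA's remediation due dates. The following is an added example, not code from SecureFact or CISA; the catalog below is constructed in the real KEV JSON schema (the live feed is at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), and its CVE IDs, the inventory, and the vendor/product matching rule are placeholders and assumptions of this example.

```python
import json
from datetime import date

# Constructed sample in the KEV feed's JSON schema. The CVE IDs are
# placeholders, not the entries CISA actually published this week.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.03.10", "dateReleased": "2025-03-10T00:00:00.0000Z",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-PLACEHOLDER-1", "vendorProject": "Cisco", "product": "Routers",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24"},
        {"cveID": "CVE-PLACEHOLDER-2", "vendorProject": "Hitachi Vantara",
         "product": "Pentaho Business Analytics Server",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24"},
        {"cveID": "CVE-PLACEHOLDER-3", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-03-04", "dueDate": "2025-03-25"},
        {"cveID": "CVE-PLACEHOLDER-4", "vendorProject": "Progress", "product": "WhatsUp Gold",
         "dateAdded": "2025-03-03", "dueDate": "2025-03-24"},
    ],
})

# Constructed asset inventory, with vendor/product strings as a CMDB might hold them.
SAMPLE_INVENTORY = [
    {"host": "edge-rtr-01", "vendor": "cisco", "product": "router"},
    {"host": "bi-app-02", "vendor": "hitachi vantara", "product": "pentaho"},
    {"host": "file-srv-07", "vendor": "microsoft", "product": "windows server 2019"},
]


def _words(text):
    # Lower-case, split, and strip a trailing "s" so "Routers" matches "router".
    return {w.lower().rstrip("s") for w in text.split()}


def _matches(entry, asset):
    """Vendor must match exactly (case-insensitive); product shares at least one word."""
    if entry["vendorProject"].lower() != asset["vendor"].lower():
        return False
    return bool(_words(entry["product"]) & _words(asset["product"]))


def open_kev_findings(kev_json, inventory, today_iso):
    """Return one finding per (KEV entry, matching asset), soonest due first.

    days_left counts down to CISA's dueDate and goes negative once it has passed.
    """
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        for asset in inventory:
            if _matches(entry, asset):
                findings.append({"cve": entry["cveID"], "host": asset["host"],
                                 "vendor": entry["vendorProject"], "product": entry["product"],
                                 "due": entry["dueDate"], "days_left": days_left,
                                 "overdue": days_left < 0})
    return sorted(findings, key=lambda f: (f["due"], f["host"]))
```

Entries with no matching asset (WhatsUp Gold in the sample) produce no finding, which is exactly the gap to watch for when the inventory is incomplete.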
2. Cisco warns of Webex for BroadWorks flaw exposing credentials
Cisco has issued a warning about a vulnerability in Webex for BroadWorks Release 45.2 that could allow unauthorized remote attackers to access data and credentials. The vulnerability exists if unsecure transport is configured for SIP communication and affects Cisco BroadWorks (on-premises) and Cisco Webex for BroadWorks (hybrid cloud/on-premises) instances running in Windows environments. Cisco has already implemented a configuration change to address the flaw and advises customers to restart their Cisco Webex app to receive the fix. As a temporary workaround, Cisco recommends configuring secure transport for SIP communication to encrypt data in transit and rotating credentials.