AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 05/15/2023

Brightly says SchoolDude data breach spilled 3 million user accounts 

Software maker Brightly has confirmed that hackers stole close to three million SchoolDude user accounts in an April data breach. SchoolDude is a cloud-based work order management system, used primarily by schools and universities, to submit and track maintenance orders. Its users are school employees, like principals, executives and maintenance workers, as well as students and other staff submitting repair requests. In a data breach notice filed with the Maine attorney general’s office, Brightly said it was notifying both past and present customers that the hackers took their names, email addresses, account passwords and phone numbers, if added to the account. The data also includes the names of school districts. 


Malicious Chatbots Target Casinos in Southeast Asia 

A campaign dating back to October 2021 has turned its attention toward Southeast Asian gambling operations with a sneaky new tactic — targeting customer support agents with chatbots. Researchers at ESET dubbed the campaign “ChattyGoblin” and traced it back to threat groups backed by China. ESET added that the threat actors rely primarily on Comm100 — which was first observed and documented by CrowdStrike — and LiveHelp apps. 


Executive fired from TikTok’s Chinese owner says Beijing had access to app data in termination suit 

A former executive fired from TikTok’s parent company ByteDance made a raft of accusations against the tech giant Friday, including that it stole content from competitors like Instagram and Snapchat, and served as a “propaganda tool” for the Chinese government by suppressing or promoting content favorable to the country’s interests. The allegations were made in a complaint Friday by Yintao Yu, the head of engineering for ByteDance’s U.S. operations from August 2017 to November 2018, as part of a wrongful termination lawsuit filed earlier this month in San Francisco Superior Court. Yu claims he was fired for disclosing “wrongful conduct” he saw at the company. 


Robocall company behind ‘billions’ of illegal calls sued by FTC 

XCast Labs, a company accused of helping make billions of illegal robocalls, was sued on Friday by the U.S. Federal Trade Commission, which asked the court to order the company to stop the practice. XCast, a Voice over Internet Protocol (VoIP) provider, is accused of helping other companies, at least one of which falsely claimed to be a government entity, reach out to people on the National Do Not Call Registry and generally deceive them into making purchases or contributions, the lawsuit said. The FTC requested an unspecified amount in penalties. 


Discord Breached After Service Agent Targeted 

Discord has notified users of a data breach that occurred when a threat actor gained unauthorized access to the support ticket queue of a third-party customer service agent. “Due to the nature of the incident it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed to a third party,” read a message seen by Infosecurity and sent to impacted users. 


Insured companies more likely to be ransomware victims, sometimes more than once 

Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers. Back in 2019, fewer than 20% of enterprises suffered repeat ransomware attacks, while during the pandemic, the percentage rose to around 30%. And it didn’t stop with the pandemic: 38% of organizations surveyed in 2022 reported two or more successful ransomware attacks, meaning attacks in which the attackers were able to lock systems, encrypt data, or exfiltrate information to demand a ransom, according to Barracuda’s report conducted by Vanson Bourne.

