Cyber Security Today: Stolen Credentials, Configuration Leaks, Education Breaches, and Energy Sector Risks
This is Cyber Security Today. I’m your host, Jim Love.
Credentials from Top Cybersecurity Vendors Found on Dark Web
Thousands of credentials from leading cybersecurity vendors have been found for sale on dark web marketplaces, according to security researchers at Cyble.
Cyble didn’t name the affected vendors, due to the security implications. But the data included passwords for internal systems, customer accounts, and cloud-based environments, putting both the vendors and their clients at risk. Cyble’s report notes that many of the stolen credentials were tied to recent breaches, making the threat particularly urgent.
Some of these credentials allow access to management and developer systems, which attackers can use to locate sensitive data and exploit vulnerabilities. These included systems like Okta, Jira, GitHub, AWS, Microsoft Online, Salesforce, SolarWinds, Box, WordPress, Oracle, and Zoom, plus several other password managers, authentication systems, and device management platforms.
We hope that in most cases these are protected by multi-factor authentication (MFA), but even that may not provide sufficient protection if attackers already possess privileged access details.
However, the researchers warned that these leaked credentials often serve as precursors to larger incidents, such as ransomware attacks.
Organizations are urged to take immediate steps to secure their systems, review access permissions, and strengthen their defenses against info stealer malware.
https://cyble.com/blog/thousands-of-security-vendor-credentials-found-on-dark-web/
FortiGate Configuration Leak Exposes Thousands of Organizations
Nearly 5,000 organizations have been impacted by a recent leak of FortiGate firewall configuration files. The files were posted online by the Belsen Group, a cybercriminal organization, after exploiting a zero-day vulnerability, CVE-2022-40684, in 2022.
The configuration files contain detailed information about network setups, including firewall rules, VPN configurations, and email addresses. This type of leak is particularly dangerous because it gives attackers insight into how networks are structured, enabling reconnaissance, lateral movement, and potentially devastating attacks like ransomware.
While not all leaked files included email data, researcher Kevin Beaumont used what was there to compile a list of affected addresses to help organizations identify their exposure.
Fortinet has urged affected organizations to update credentials, secure their systems, and monitor for signs of exploitation. The incident underscores the critical need for organizations to safeguard configuration files and ensure vulnerabilities in network devices are patched promptly.
PowerSchool Breach Exposes Millions
A major breach at education technology provider PowerSchool has exposed sensitive data for millions of students, parents, and teachers across North America. The compromised data, which includes names, addresses, Social Security numbers, medical records, and academic grades, was accessed through PowerSchool’s PowerSource support portal.
Discovered in December 2024, the breach was not caused by vulnerabilities in school districts but rather by compromised credentials within PowerSchool’s systems.
In response, PowerSchool has offered affected individuals two years of free credit monitoring and engaged cybersecurity experts to strengthen its defenses. However, frustration remains high as families and educators face the potential consequences of identity theft and fraud.
Multiple lawsuits have been filed, alleging negligence by PowerSchool in protecting this sensitive data. These lawsuits are demanding damages and stricter cybersecurity practices. The breach highlights the growing need for education technology providers to implement robust security measures, as their platforms increasingly hold critical personal and educational data.
Ransomware Surge Targets U.S. Energy Sector
The U.S. energy and utilities sector is facing a growing threat. As just one example, ransomware attacks increased by 80% year-over-year, according to a report from Trustwave SpiderLabs. Nearly half of all ransomware attacks in the sector occurred in the U.S., with the Hunters International group responsible for 19% of incidents in late 2024.
Phishing remains the most common attack vector, used in 84% of breaches to gain initial access.
Once inside, attackers frequently employ brute-force techniques to access credentials and use remote desktop protocol vulnerabilities for lateral movement within networks.
Aging infrastructure compounds these risks and increases vulnerabilities. In the U.S., much of the electrical grid is over 40 years old, and many operational technology (OT) systems lack modern protections or proper segmentation. Classic preventive measures, such as updating or patching these systems, are challenging because of the need for continuous operations, again leaving vulnerabilities open for exploitation.
The consequences of these attacks go beyond financial losses, which average $5.29 million per breach. Disruptions to power, transportation, and healthcare services can exponentially multiply the damage.
The report calls for immediate investments in modernizing legacy systems, training employees to identify phishing attempts, and implementing OT-specific cybersecurity measures to protect this essential sector.
There’s a link to the report in the show notes. Here’s the link.
The vulnerability of our infrastructure is now a problem of critical proportions. And while the report gives statistics, we’ll be rerunning a show this weekend where an ethical hacker walks you through a city’s infrastructure. While that show is almost a year old, the issues haven’t changed substantially. Check it out on Saturday morning.
That’s our show for today. You can reach me with tips, comments, and even some constructive criticism. I’m your host Jim Love. Thanks for listening.