Archive for March 19, 2025

Pennsylvania State Education Association notifies 500K people of data breach via a ransomware gang

Posted in Commentary with tags on March 19, 2025 by itnerd

The Pennsylvania State Education Association this week confirmed it notified 517,487 people of a July 2024 data breach that compromised personal info including SSNs, passwords, routing numbers, credit/debit card numbers, and a lot more.

Ransomware gang Rhysida claimed responsibility for the breach in September 2024 but the PSEA has not yet verified Rhysida’s claim.

In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote: 

“Rhysida is thought to have ties to the ransomware group Vice Society and first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected systems. Rhysida has claimed 82 confirmed ransomware attacks since it began, compromising more than 5.3 million records. Its average ransom demand is $1.08 million.”

“Ransomware attacks can both steal data and lock down computer systems. Organizations are then forced to either pay a ransom or face extended downtime, data loss, and putting data subjects at increased risk of fraud.”

“In 2024, Comparitech researchers logged 74 confirmed ransomware attacks on the US education sector, 72 of which were against schools and colleges. These attacks compromised more than 3 million records in total. Rhysida’s attack on the PSEA is the third-largest of the year by number of records affected. The largest such attacks in 2024 were on Texas Tech University Health Sciences Center (1.5 million) and Chicago Public Schools (700,000).”

“In 2025 so far, we are tracking nine confirmed ransomware attacks on US education, plus another 31 unconfirmed claims that haven’t been acknowledged by the targeted organizations.”

This is yet another bad situation where a threat actor is about to cause lots of misery to lots of people for many years to come. That illustrates why we all need to wrap our heads around protecting organizations from threat actors who mean to do harm to us all.

StilachiRAT Targeting Credentials and Crypto Wallets Warns Microsoft

Posted in Commentary with tags on March 19, 2025 by itnerd

There is news of a novel remote access trojan named StilachiRAT, which Microsoft has warned employs advanced techniques to sidestep detection and persist within target environments.

In November 2024, Microsoft Incident Response researchers uncovered a novel remote access trojan (RAT) we named StilachiRAT that demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data. Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored in the clipboard, as well as system information.

Microsoft has not yet attributed StilachiRAT to a specific threat actor or geolocation. Based on Microsoft’s current visibility, the malware does not exhibit widespread distribution at this time. However, due to its stealth capabilities and the rapid changes within the malware ecosystem, we are sharing these findings as part of our ongoing efforts to monitor, analyze, and report on the evolving threat landscape.

Erich Kron, Security Awareness Advocate at KnowBe4, has the following comments:

“People who work or play in the cryptocurrency world are significant targets for bad actors due to the unregulated nature of the funds, the possibility for anonymity, and the fact that once a transaction is complete, unlike with wire transfers or other more traditional methods, there is no way to undo it.”

“As cryptocurrency continues to become more mainstream, attackers will adjust their tactics as they refine their efficiency and speed. Many people just getting started with cryptocurrency are not familiar with its pitfalls, and are sometimes excited to make a profit, so they take foolish risks.”

“For those people dealing with cryptocurrency, it is important that accounts use extremely strong passwords that are unique and impossible to guess. In addition, accounts should be protected by MFA, and the individuals should educate themselves about common cryptocurrency scams and cyberattack methods.”

This is all good advice not just for anyone in the crypto space, but in general. Things like MFA and strong passwords are going to help keep threat actors like this one from carrying out attacks of any sort, crypto-related or not.

5 Miles Lab Data Leaked To The Web

Posted in Commentary with tags on March 19, 2025 by itnerd

Recently, the Safety Detectives Cybersecurity Team stumbled upon a forum post on the clear web where a threat actor posted a link to a database allegedly belonging to 5 Miles Lab, a digital advertising company. The database contained 8.3 million lines of the company’s corporate inbox information, which of course is bad.

You can see the full report here: https://www.safetydetectives.com/news/5mileslab-leak-report/

Bad News For Tesla Owners… Your Data Has Been Leaked And There’s Only One Way To Fix That

Posted in Commentary with tags on March 19, 2025 by itnerd

The owners of Tesla cars have had their personal data leaked. 404 Media is reporting that a website called DOGEQUEST, which is a direct shot at Elon Musk’s involvement in the activities of the Trump Administration, has posted what it claims to be a searchable map of the names, addresses and other personally identifiable information of every Tesla owner in the USA. And to make things even more interesting, if you want to call it that, the only way to get your name removed is to prove to the website’s operators that you’ve sold your Tesla.

Now it isn’t clear how accurate this data is, or how this data was obtained. But 404 Media has confirmed that at least some of the data is accurate. On top of that, while the website doesn’t openly advocate violence, the cursor for the website is a Molotov cocktail and it says stuff like this:

Under a heading that reads “Is DOGEQUEST a protest platform?” the website says “If you’re on the hunt for a Tesla to unleash your artistic flair with a spray can, just step outside—no map needed! At DOGEQUEST, we believe in empowering creative expressions of protest that you can execute from the comfort of your own home.”

So clearly this site is meant to twist the screws on Elon by making the brand so toxic that people avoid it and Elon loses money. The thing is that if someone wants to target Elon because they don’t like him or his political views, then they should target Elon and leave Tesla owners out of this. There’s no way that posting personally identifiable information about Tesla owners for any random human that wants to make a political point can be considered to be acceptable. Thus I really hope either the people who run this site have a change of heart (unlikely I know), or they get a visit from a three letter agency. Because this isn’t cool at all.

Kite Mobility Debuts Oakville’s First All-Electric Rideshare Hub at The Saw Whet by Caivan

Posted in Commentary with tags on March 19, 2025 by itnerd

Kite Mobility has announced the launch of its first all-electric rideshare hub in Oakville, located at The Saw Whet by Caivan. This marks a major step in expanding sustainable transportation options in the region, offering residents convenient, cost-effective, and eco-friendly alternatives to car ownership.

Residents at The Saw Whet can now access a BMW i4 electric vehicle, available exclusively for their use. In the coming months, the fleet will expand to include additional electric cars (EVs) and electric bikes (e-bikes), providing a comprehensive shared mobility solution tailored to urban living. Through Kite’s user-friendly mobile app, residents can seamlessly book vehicles, manage payments, and enjoy 24/7 access to the fleet.

With transportation accounting for nearly 25% of Canada’s greenhouse gas emissions, Kite’s electric rideshare platform plays a vital role in fostering greener communities. By integrating electric ridesharing into The Saw Whet’s lifestyle amenities, residents can reduce their carbon footprint while enjoying effortless access to premium EVs.

A Smarter, More Sustainable Way to Get Around

Kite’s electric rideshare service is designed to be seamless and cost-effective, featuring:

  • Flexible booking through the Kite app
  • 24/7 availability for resident-exclusive vehicles
  • No added maintenance, insurance, or fuel costs for users
  • Unlimited mileage within the service area
  • Affordable, pay-per-use pricing, offering significant savings compared to traditional car ownership

To celebrate the launch, Kite Mobility is offering an exclusive promotion to residents at The Saw Whet: enjoy the first ride free—up to one hour.

Join the Movement Toward Greener Cities

The Saw Whet, located at 2501 Saw Whet Blvd, provides a perfect setting for Kite Mobility’s services, blending modern design with the natural beauty of Bronte Creek Provincial Park and the Fourteen Mile Creek Natural Heritage System. The addition of an EV-sharing hub further enhances The Saw Whet’s reputation as a community at the forefront of sustainable urban living.

For more information about Kite Mobility or to download the Kite mobile app, visit www.kitemobility.io.