SecureFact - Cyber Security News - Week of March 17, 2025
Data Breaches
1. US govt says Americans lost record $12.5 billion to fraud in 2024
In 2024, Americans lost a record $12.5 billion to fraud, a 25% increase from the previous year, according to the FTC. Investment scams were the costliest, totaling $5.7 billion, followed by imposter scams at $2.95 billion. Younger individuals reported fraud more frequently than those over 70. Job scams have also seen a significant rise. While online scams were common, phone interactions resulted in higher individual losses. Email was the most frequent initial contact method by scammers. The FTC's Consumer Sentinel Network received 6.5 million consumer reports, but this is likely a fraction of the actual fraud due to underreporting. Victims can report fraud at IdentityTheft.gov and ReportFraud.ftc.gov.
2. 2,300,000 Credit and Debit Cards Leaked on Dark Web As Hackers Infect Millions of Devices, Drain Bank Accounts: Report
Kaspersky reports that 2.3 million credit and debit cards were leaked on the dark web between 2023 and 2024 due to infostealer malware, which infected 26 million Windows devices. Bank card information is compromised in approximately one out of every 14 infections. The Redline infostealer was the most common, while Risepro saw a significant increase in infections, targeting not only banking details but also cryptocurrency wallets, spreading through software cracks and game mods. Kaspersky recommends users monitor bank notifications, use two-factor authentication, and perform regular security scans.
3. PowerSchool previously hacked in August, months before data breach
PowerSchool, a cloud-based K-12 software provider, suffered a significant data breach in December 2024 through its customer support portal, PowerSource, potentially affecting millions of students and teachers. A recent CrowdStrike investigation revealed that PowerSchool was initially hacked in August and September 2024 using the same compromised credentials. While the December breach led to the exfiltration of sensitive data, including names, addresses, SSNs, and grades, there's no evidence the stolen data has been leaked, possibly due to a paid ransom. The investigation couldn't confirm if the earlier breaches were by the same threat actor. PowerSchool has yet to disclose the full impact of the breach, but sources indicate that over 6,500 school districts and a total of 72 million students and teachers may have had their data stolen.
4. Pittsburgh customers impacted by Rivers Casino Philadelphia data breach
Rivers Casino Philadelphia experienced a significant data breach in November 2024, exposing sensitive personal information of thousands of individuals. Unauthorized actors accessed and potentially exfiltrated files containing names, Social Security numbers, and bank account details used for direct deposits. The breach was specific to the Philadelphia location and did not affect other Rivers Casino sites. By December 30, 2024, the casino began notifying affected individuals via letters and emails. The ransomware group Cicada3301 claimed responsibility, stating it had stolen 2.56 TB of data and demanded a ransom by February 15, 2025. The casino has not disclosed whether it paid the ransom. In response, Rivers Casino secured its systems and launched an investigation. It is also offering one year of identity theft protection through Experian to eligible victims. Several law firms, including Levi & Korsinsky LLP, are investigating the breach and exploring potential class-action lawsuits for impacted individuals.
5. Bank of America warns customers of data breach after document handling mishap
Bank of America warned certain customers about a potential data breach stemming from a document-handling mishap by a third-party vendor on December 30. The vendor failed to secure bank documents during transit, leading to some being found outside their containers near a financial center. The unsecured information included personal details like names, addresses, Social Security numbers, and financial data. Bank of America is monitoring affected accounts and offering a free two-year Experian identity theft protection service. The exact number of affected customers and locations isn't specified, but Massachusetts reported two residents affected, with their Social Security, credit card, and financial account information breached.
Malware and Vulnerabilities
1. Microsoft shares guidance on upcoming Publisher deprecation
Microsoft is ending support for Microsoft Publisher after October 2026 and will remove it from Microsoft 365. Users are advised to convert their .pub files to PDF or Word format using the "Save As" function, or automate the process with a macro for large sets of files. While third-party conversion tools exist, Microsoft doesn't officially support them and notes potential inconsistencies. Microsoft suggests replacing Publisher with Word or PowerPoint for many tasks, providing guidance on which application to use for different projects. For more advanced projects, alternatives like Canva, Adobe InDesign, and Affinity Publisher are recommended. Users with perpetual versions of Publisher can continue using them, but there will be no updates or support after October 2026.
2. Critical Remote Code Execution Vulnerability in Apache Tomcat (CIVN-2025-0047)
A critical vulnerability (CIVN-2025-0047) has been identified in Apache Tomcat, an open-source web server and servlet container for Java-based web applications. This vulnerability affects Apache Tomcat versions 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0-M1 to 9.0.98. The issue arises from improper handling of partial HTTP PUT requests, which could allow an unauthenticated remote attacker to exploit the system by crafting malicious partial PUT requests to overwrite files. Successful exploitation could result in remote code execution, disclosure of sensitive information, or data corruption under specific conditions on the target system. This vulnerability poses a significant risk to organizations and individuals using Apache Tomcat. Users are strongly advised to apply the vendor-provided updates available at Apache Tomcat's official thread to mitigate the issue promptly.
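A version check against the affected ranges listed above, written as an added example (not code from the advisory or from Apache). The host names and version strings in the sample inventory are constructed, and the function names are hypothetical. A match means the version falls inside the listed ranges, not that the specific conditions for exploitation are present.

```python
import re

# Affected ranges exactly as listed in the summary above (inclusive bounds).
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.2"),
    ("10.1.0-M1", "10.1.34"),
    ("9.0.0-M1", "9.0.98"),
]

# Accepts a bare version or a "Server version: Apache Tomcat/x.y.z" line.
# Milestones may be written "-M1" or ".M1".
_VERSION_RE = re.compile(
    r"^(?:Server version:\s*)?(?:Apache Tomcat/)?"
    r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$"
)

def version_key(text):
    """Return a sortable key, or None if the string is not a Tomcat version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    if m.group(4) is not None:
        # Milestone builds sort before the final release of the same x.y.z.
        return (major, minor, patch, 0, int(m.group(4)))
    return (major, minor, patch, 1, 0)

def is_affected(text):
    """True if the version lies inside any listed range."""
    key = version_key(text)
    if key is None:
        raise ValueError("unrecognised version string: %r" % text)
    return any(version_key(lo) <= key <= version_key(hi)
               for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Map each host to 'affected', 'not in listed ranges' or 'unknown'."""
    result = {}
    for host, reported in inventory.items():
        if version_key(reported) is None:
            result[host] = "unknown"  # needs manual follow-up
        else:
            result[host] = ("affected" if is_affected(reported)
                            else "not in listed ranges")
    return result

# Constructed sample inventory (host -> version string as reported).
SAMPLE_INVENTORY = {
    "app-01.example.internal": "Server version: Apache Tomcat/9.0.98",
    "app-02.example.internal": "10.1.0-M1",
    "app-03.example.internal": "11.0.3",
    "app-04.example.internal": "n/a",
}
```

Hosts reported as "unknown" should be checked by hand rather than treated as safe.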