Cyber Security Headlines: LA School leaks, GAO security ignored, PLAY ransomware in UK

LA School attack exposed Social Security numbers

Back in September, the Los Angeles Unified School District suffered a ransomware attack. An investigation revealed threat actors accessed its servers from July 31st through September 3rd, with access to contractor information. The district has now notified victims that this data included certified payroll records and labor compliance documents, meaning Social Security numbers were included in the leak. The attackers used Vice Society ransomware, which has been used in attacks against a range of educational organizations. The district said it's still investigating to understand the scope of impact of leaked data on students, faculty and parents.

(The Record)

Government Accountability Office names and shames

Since 2010, the US Government Accountability Office has released 335 public cybersecurity recommendations to federal agencies. Last week, it disclosed that federal agencies still need to implement 190 of them. In a long-term review of this issue, the GAO said that a 2020 review of 23 civilian agencies found that none have fully implemented foundational practices for supply chain risk management, with 14 not implementing any of them. The office warned that not improving compliance could lead to “disrupted mission operations, theft of intellectual property, and harm to individuals.”

(InfoSecurity Magazine)

PLAY ransomware hits UK car dealerships

The ransomware organization posted data on its leak site, claiming to offer sensitive personal data stolen from one of the UK’s largest car dealerships, Arnold Clark. According to a January 3rd tweet, the dealership said it discovered suspicious traffic in December, but did not say if an actual attack took place. Data on the leak site includes National Insurance numbers, passport data, bank statements, finance documents, phone numbers, and addresses. There has been no further update from the dealership since January 3rd, other than to say it's reviewing its “whole IT network and infrastructure.”

(The Record)

Google Must Open the Play Store in India

Back in October, the Competition Commission of India fined Google $161.9 million for anti-competitive practices on Android. It also mandated changes to the Google Play Store. Google attempted to challenge these in court. However, the Supreme Court of India declined Google’s request to block these changes. As a result, India will require the Google Play Store to host third-party app stores as of January 26th. The ruling also prevents Google from requiring manufacturers to pre-install apps on Android devices to receive Play Store access, and requires Google to allow Play Store access on forked Android versions. No word on how Google will implement these new requirements, or deal with the security implications of allowing unvetted app stores through its platform.



Microsoft expands OpenAI investment

Microsoft announced a new “multi-year, multi-billion dollar investment” in OpenAI. Semafor’s sources said earlier this month the deal could be worth up to $10 billion, and could reportedly give Microsoft a 49% stake in the company. Microsoft previously invested $1 billion in OpenAI back in 2019, gaining an exclusive license to tech for GPT-3. OpenAI said the investment will allow it “to continue our independent research and develop AI that is increasingly safe, useful, and powerful.” Microsoft will become the exclusive cloud partner for OpenAI services. In exchange, it will provide supercomputer assets to aid in OpenAI’s research.

(Security Week)

Sliver is the new Cobalt Strike

Researchers at Cybereason published a new advisory saying that threat actors increasingly use the open-source Sliver C2 framework rather than Cobalt Strike. Sliver initially came out in 2020. It uses Golang for better cross-platform support, and includes useful features like dynamic code generation. Overall usage numbers remain low but are growing, with usage seen mainly with the Russian SVR, Cozy Bear, and the BumbleBee malware family. Like Cobalt Strike, Sliver was developed for security professionals as a pen test tool.

(InfoSecurity Magazine)

Google Ads invites abused for spam

Bleeping Computer shared user reports of this practice. Spammers send out legitimate Google Ads invites, which appear to come from an authentic account, and invite the user to gain access to the account’s admin interface. However, the spammer found a way to redirect these links to adult dating websites that try to collect personal information. Because the attackers send these as legitimate Google Ads emails, users cannot simply designate them as spam or block the address. This address is used for all Google Ads emails, so it could result in real messages getting lost.

(Bleeping Computer)

Routers can see through walls

Researchers at Carnegie Mellon published research showing how two Wi-Fi routers could be used to sense humans through walls, able to distinguish 3D shape and general pose. This used a deep neural network called DensePose, which mapped Wi-Fi signal strength to coordinates. DensePose does not represent the breakthrough here; the software has been out there for a while. Rather, it's using a cheap off-the-shelf router as a 1D sensor to capture this data. Typically, DensePose used RGB cameras, LiDAR, and radar. The researchers proposed the tech for home health care and other benevolent use cases, but it doesn’t take much to consider the privacy implications.


Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.