In today’s cybersecurity news…
Hackers hijack Japanese financial accounts to conduct billions in trades
Japan’s Financial Services Agency (FSA) is warning of what it calls a sharp increase in the number of cases of unauthorized access and unauthorized trading through online trading services in the first three months of 2025, with almost $2 billion in funds moved by hackers from 5,000 breached accounts. The FSA said, “hackers gain access to a victim’s account through stolen login information and use them to sell stocks or other securities.” As reported in The Record, “the hackers typically use the breached accounts to raise the price of smaller stocks that they themselves have purchased. Once the stock price increases, the hackers sell their stock and earn a profit from the inflated value.”
Education giant Pearson hit by cyberattack
Based in the UK, Pearson is “one of the world’s largest providers of academic publishing, digital learning tools, and standardized assessments,” serving academic institutions and individuals in more than 70 countries. The company has now confirmed a cyberattack that involved the theft of what it calls “mostly legacy data.” The company also confirmed “that the stolen data did not include employee information.”
Microsoft Teams will soon block screen capture during meetings
Microsoft will introduce a new “Prevent Screen Capture” feature in Teams starting July 2025, which will block users from taking screenshots of sensitive information during meetings. When a screenshot is attempted, the meeting window will turn black. Users joining from unsupported platforms will be restricted to audio-only mode to protect content. The feature will be available on Teams desktop apps (Windows and Mac) and mobile apps (iOS and Android). However, Microsoft notes that content can still be photographed externally. It remains unclear whether the feature will be enabled by default or controllable by meeting organizers or administrators.
Ascension data breach exposed data of over 430,000 patients
Ascension, one of the largest private healthcare systems in the United States, has suffered another data breach, this one occurring last December. The organization says the breach was actually suffered by a former business partner, stating, “Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner.” The stolen data includes names, contact info, SSNs, and medical visit details, though this varies by individual.
iClicker site sends ClickFix malware to students via fake CAPTCHA
iClicker is a service that helps get students more engaged in their classes through the use of polls, emojis, and AI-based questions. It is a subsidiary of the Macmillan publishing group. The company has revealed that the iClicker site was hacked in early April to display a fake CAPTCHA that delivered a PowerShell script by way of a ClickFix social engineering attack. The company warns students and faculty to run security software and use a password manager. It also adds that “users who accessed iClicker through the mobile app or did not encounter the fake CAPTCHA are not at risk from the attack.”
23andMe customers have until July 14 to file claims
The embattled ancestry company 23andMe has announced that customers who were affected by the 2023 breach may file a Cyber Security Incident Claim. Those customers who “suffered financial or other damages due to the breach can submit a claim as part of the bankruptcy case. Customers with other types of grievances unrelated to the cyberattack, such as issues with DNA test results or the company’s telehealth services, may submit a separate claim under the General Bar Date Package.” Customers have until July 14 to file claims for losses incurred.
Bluetooth 6.1 enhances privacy with randomized RPA timing
This innovation, announced by the Bluetooth Special Interest Group (SIG), brings “increased device privacy via randomized Resolvable Private Addresses (RPA) updates,” which makes devices much more difficult for third parties to track. “Currently, RPAs are updated at fixed intervals, usually every 15 minutes, which introduces a level of predictability. This predictability can be exploited in correlation attacks, making long-term tracking possible.” With the new feature, “The Controller picks a random value in the defined range using a NIST-approved random number generator and updates the RPA. This makes tracking significantly harder, as there is no pattern in the value selection.”
The next thing to worry about: ransomware infected CPUs
Christiaan Beek, senior director of threat analytics for Rapid7, told The Register that the technology exists to allow intruders to load unapproved microcode into CPUs, “breaking encryption at the hardware level and modifying CPU behavior at will.” His proof of concept was spurred on by a recent incident in which AMD Zen chips were infected by a Google-designed bug that “allowed a security hole” by ensuring that the random number required was always 4. Beek says this is not rocket science and that developers working for the cybercrime group Conti were discussing this three years ago. He blames the weaknesses that make break-ins possible on high-risk vulnerabilities, weak passwords, or multi-factor authentication that is weakly or wrongly deployed.






