PowerSchool customers hit by downstream extortion threats

Five months after education software vendor PowerSchool paid an unnamed threat actor a ransom in exchange for the deletion of sensitive stolen data, some of the company’s customers are now receiving extortion demands. 

A threat actor, who may or may not be the same criminal group behind the attack, has contacted four school district customers of PowerSchool in the past few days, CyberScoop has learned, threatening to leak data if they don’t pay.

The downstream extortion attacks highlight the ongoing risk organizations confront when a vendor is hit by a cyberattack, exposing not just their data but also that of others in their supply chain. The follow-on extortion attempts also underscore that paying ransoms for data does not guarantee stolen data won’t be leaked.

“PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident,” a company spokesperson said Wednesday in a statement. “We do not believe this is a new incident, as samples of the data match the data previously stolen in December.”

The company did not say how much it paid in ransom. “We made the decision to pay a ransom because we believe it to be in the best interest of our customers and the students and communities we serve,” the spokesperson said. 

“We thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action,” the spokesperson added. “As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us.”

PowerSchool provides a suite of cloud-based software — including a student information system — to K-12 schools and districts, supporting more than 60 million students and 18,000 customers in over 90 countries. The company says its customers include more than 90 of the 100 largest school districts in the United States. 

The company identified suspicious activity in the PowerSchool Student Information System on Dec. 28 of last year. CrowdStrike, which already provided endpoint detection-and-response software and a threat-hunting service to PowerSchool, began an investigation into the circumstances behind the attack the following day.

The unnamed attacker gained access to PowerSchool’s system with a compromised credential for a support user in the company’s PowerSource support portal. The level of access granted to a support technician includes “sufficient permissions to gain access to customer SIS database instances for maintenance purposes,” CrowdStrike said in an investigation report it released in late February. 

The threat actor stole data from the “teachers” and “students” tables of the PowerSchool SIS instances for certain PowerSchool customers between Dec. 19 and Dec. 23, according to CrowdStrike’s report. The incident response firm said it found no evidence of system-layer access or malware, and nothing to indicate PowerSchool customer IT environments outside of PowerSource and PowerSchool SIS were compromised or at risk of intrusion due to the attack.

CrowdStrike found evidence of earlier unauthorized activity in the PowerSchool environment associated with the compromised support credentials between Aug. 16 and Sept. 17, but it couldn’t attribute this activity to the threat actor responsible for the malicious activity in December 2024.

The last evidence of threat actor activity occurred Dec. 28, when the attacker “used the compromised support credentials to log in to the maintenance interface of PowerSource to interact with PowerSchool SIS,” CrowdStrike said in the report.

PowerSchool customers have contacted the company to inform it of the recent extortion demands and threats. 

“We have reported this matter to law enforcement both in the United States and in Canada, and are working closely with our customers to support them,” the company spokesperson said. “We sincerely regret these developments — it pains us that our customers are being threatened and re-victimized by bad actors.”

The post PowerSchool customers hit by downstream extortion threats appeared first on CyberScoop.

from CyberScoop https://ift.tt/Y1S0HTP

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.

In an indictment (PDF) unsealed last month, the U.S. Department of Justice said Dallas-based eWorldTrade “operated an online business-to-business marketplace that facilitated the distribution of synthetic opioids such as isotonitazene and carfentanyl, both significantly more potent than fentanyl.”

Launched in 2017, eWorldTrade[.]com now features a seizure notice from the DOJ. eWorldTrade operated as a wholesale seller of consumer goods, including clothes, machinery, chemicals, automobiles and appliances. The DOJ’s indictment includes no additional details about eWorldTrade’s business, origins or other activity, and at first glance the website might appear to be a legitimate e-commerce platform that also just happened to sell some restricted chemicals.

A screenshot of the eWorldTrade homepage on March 25, 2025. Image: archive.org.

However, an investigation into the company’s founders reveals they are connected to a sprawling network of websites that have a history of extortionate scams involving trademark registration, book publishing, exam preparation, and the design of logos, mobile applications and websites.

Records from the U.S. Patent and Trademark Office (USPTO) show the eWorldTrade mark is owned by an Azneem Bilwani in Karachi (this name also is in the registration records for the now-seized eWorldTrade domain). Mr. Bilwani is perhaps better known as the director of the Pakistan-based IT provider Abtach Ltd., which has been singled out by the USPTO and Google for operating trademark registration scams (the main offices for eWorldtrade and Abtach share the same address in Pakistan).

In November 2021, the USPTO accused Abtach of perpetrating “an egregious scheme to deceive and defraud applicants for federal trademark registrations by improperly altering official USPTO correspondence, overcharging application filing fees, misappropriating the USPTO’s trademarks, and impersonating the USPTO.”

Abtach offered trademark registration at suspiciously low prices compared to legitimate costs of over USD $1,500, and claimed they could register a trademark in 24 hours. Abtach reportedly rebranded to Intersys Limited after the USPTO banned Abtach from filing any more trademark applications.

In a note published to its LinkedIn profile, Intersys Ltd. asserted last year that certain scam firms in Karachi were impersonating the company.

FROM AXACT TO ABTACH

Many of Abtach’s employees are former associates of a similar company in Pakistan called Axact that was shut down by Pakistani authorities for fraud in 2015. Axact met its demise not long after The New York Times ran a front-page story about the company’s most lucrative scam business: Hundreds of sites peddling fake college degrees and diplomas.

People who purchased fake certifications were subsequently blackmailed by Axact employees posing as government officials, who would demand additional payments under threats of prosecution or imprisonment for having bought fraudulent “unauthorized” academic degrees. This practice created a continuous cycle of extortion, internally referred to as “upselling.”

“Axact took money from at least 215,000 people in 197 countries — one-third of them from the United States,” The Times reported. “Sales agents wielded threats and false promises and impersonated government officials, earning the company at least $89 million in its final year of operation.”

Dozens of top Axact employees were arrested, jailed, held for months, tried and sentenced to seven years for various fraud violations. But a 2019 research brief on Axact’s diploma mills found none of those convicted had started their prison sentence, and that several had fled Pakistan and never returned.

“In October 2016, a Pakistan district judge acquitted 24 Axact officials at trial due to ‘not enough evidence’ and then later admitted he had accepted a bribe (of $35,209) from Axact,” reads a history (PDF) published by the American Association of Collegiate Registrars and Admissions Officers.

In 2021, Pakistan’s Federal Investigation Agency (FIA) charged Bilwani and nearly four dozen others — many of them Abtach employees — with running an elaborate trademark scam. The authorities called it “the biggest money laundering case in the history of Pakistan,” and named a number of businesses based in Texas that allegedly helped move the proceeds of cybercrime.

A page from the March 2021 FIA report alleging that Digitonics Labs and Abtach employees conspired to extort and defraud consumers.

The FIA said the defendants operated a large number of websites offering low-cost trademark services to customers, before then “ignoring them after getting the funds and later demanding more funds from clients/victims in the name of up-sale (extortion).” The Pakistani law enforcement agency said that about 75 percent of customers received fake or fabricated trademarks as a result of the scams.

The FIA found Abtach operates in conjunction with a Karachi firm called Digitonics Labs, which earned a monthly revenue of around $2.5 million through the “extortion of international clients in the name of up-selling, the sale of fake/fabricated USPTO certificates, and the maintaining of phishing websites.”

According to the Pakistani authorities, the accused also ran countless scams involving ebook publication and logo creation, wherein customers are subjected to advance-fee fraud and extortion — with the scammers demanding more money for supposed “copyright release” and threatening to release the trademark.

Also charged by the FIA was Junaid Mansoor, the owner of Digitonics Labs in Karachi. Mansoor’s U.K.-registered company Maple Solutions Direct Limited has run at least 700 ads for logo design websites since 2015, the Google Ads Transparency page reports. The company has approximately 88 ads running on Google as of today. 

Junaid Mansoor. Source: youtube/@Olevels․com School.

Mr. Mansoor is actively involved with and promoting a Quran study business called quranmasteronline[.]com, which was founded by Junaid’s brother Qasim Mansoor (Qasim is also named in the FIA criminal investigation). The Google ads promoting quranmasteronline[.]com were paid for by the same account advertising a number of scam websites selling logo and web design services. 

Junaid Mansoor did not respond to requests for comment. An address in Teaneck, New Jersey where Mr. Mansoor previously lived is listed as an official address of exporthub[.]com, a Pakistan-based e-commerce website that appears remarkably similar to eWorldTrade (Exporthub says its offices are in Texas). Interestingly, a search in Google for this domain shows ExportHub currently features multiple listings for fentanyl citrate from suppliers in China and elsewhere.

The CEO of Digitonics Labs is Muhammad Burhan Mirza, a former Axact official who was arrested by the FIA as part of its money laundering and trademark fraud investigation in 2021. In 2023, prosecutors in Pakistan charged Mirza, Mansoor and 14 other Digitonics employees with fraud, impersonating government officials, phishing, cheating and extortion. Mirza’s LinkedIn profile says he currently runs an educational technology/life coach enterprise called TheCoach360, which purports to help young kids “achieve financial independence.”

Reached via LinkedIn, Mr. Mirza denied having anything to do with eWorldTrade or any of its sister companies in Texas.

“Moreover, I have no knowledge as to the companies you have mentioned,” said Mr. Mirza, who did not respond to follow-up questions.

The current disposition of the FIA’s fraud case against the defendants is unclear. The investigation was marred early on by allegations of corruption and bribery. In 2021, Pakistani authorities alleged Bilwani paid a six-figure bribe to FIA investigators. Meanwhile, attorneys for Mr. Bilwani have argued that although their client did pay a bribe, the payment was solicited by government officials. Mr. Bilwani did not respond to requests for comment.

THE TEXAS NEXUS

KrebsOnSecurity has learned that the people and entities at the center of the FIA investigations have built a significant presence in the United States, with a strong concentration in Texas. The Texas businesses promote websites that sell logo and web design, ghostwriting, and academic cheating services. Many of these entities have recently been sued for fraud and breach of contract by angry former customers, who claimed the companies relentlessly upsold them while failing to produce the work as promised.

For example, the FIA complaints named Retrocube LLC and 360 Digital Marketing LLC, two entities that share a street address with eWorldTrade: 1910 Pacific Avenue, Suite 8025, Dallas, Texas. Also incorporated at that Pacific Avenue address is abtach[.]ae, a web design and marketing firm based in Dubai; and intersyslimited[.]com, the new name of Abtach after they were banned by the USPTO. Other businesses registered at this address market services for logo design, mobile app development, and ghostwriting.

A list published in 2021 by Pakistan’s FIA of different front companies allegedly involved in scamming people who are looking for help with trademarks, ghostwriting, logos and web design.

360 Digital Marketing’s website 360digimarketing[.]com is owned by an Abtach front company called Abtech LTD. Meanwhile, business records show 360 Digi Marketing LTD is a U.K. company whose officers include former Abtach director Bilwani; Muhammad Saad Iqbal, formerly Abtach, now CEO of Intersys Ltd; Niaz Ahmed, a former Abtach associate; and Muhammad Salman Yousuf, formerly a vice president at Axact, Abtach, and Digitonics Labs.

Google’s Ads Transparency Center finds 360 Digital Marketing LLC ran at least 500 ads promoting various websites selling ghostwriting services. Another entity tied to Junaid Mansoor — a company called Octa Group Technologies AU — has run approximately 300 Google ads for book publishing services, promoting confusingly named websites like amazonlistinghub[.]com and barnesnoblepublishing[.]co.

360 Digital Marketing LLC ran approximately 500 ads for scam ghostwriting sites.

Rameez Moiz is a Texas resident and former Abtach product manager who has represented 360 Digital Marketing LLC and RetroCube. Moiz told KrebsOnSecurity he stopped working for 360 Digital Marketing in the summer of 2023. Mr. Moiz did not respond to follow-up questions, but an Upwork profile for him states that as of April 2025 he is employed by Dallas-based Vertical Minds LLC.

In April 2025, California resident Melinda Will sued the Texas firm Majestic Ghostwriting — which is doing business as ghostwritingsquad[.]com — alleging they scammed her out of $100,000 after she hired them to help write her book. Google’s ad transparency page shows Moiz’s employer Vertical Minds LLC paid to run approximately 55 ads for ghostwritingsquad[.]com and related sites.

Google’s ad transparency listing for ghostwriting ads paid for by Vertical Minds LLC.

VICTIMS SPEAK OUT

Ms. Will’s lawsuit is just one of more than two-dozen complaints over the past four years wherein plaintiffs sued one of this group’s web design, wiki editing or ghostwriting services. In 2021, a New Jersey man sued Octagroup Technologies, alleging they ripped him off when he paid a total of more than $26,000 for the design and marketing of a web-based mapping service.

The plaintiff in that case did not respond to requests for comment, but his complaint alleges Octagroup and a myriad other companies it contracted with produced minimal work product despite subjecting him to relentless upselling. That case was decided in favor of the plaintiff because the defendants never contested the matter in court.

In 2023, 360 Digital Marketing LLC and Retrocube LLC were sued by a woman who said they scammed her out of $40,000 over a book she wanted help writing. That lawsuit helpfully showed an image of the office front door at 1910 Pacific Ave Suite 8025, which featured the logos of 360 Digital Marketing, Retrocube, and eWorldTrade.

The front door at 1910 Pacific Avenue, Suite 8025, Dallas, Texas.

The lawsuit was filed pro se by Leigh Riley, a 64-year-old career IT professional who paid 360 Digital Marketing to have a company called Talented Ghostwriter co-author and promote a series of books she’d outlined on spirituality and healing.

“The main reason I hired them was because I didn’t understand what I call the formula for writing a book, and I know there’s a lot of marketing that goes into publishing,” Riley explained in an interview. “I know nothing about that stuff, and these guys were convincing that they could handle all aspects of it. Until I discovered they couldn’t write a damn sentence in English properly.”

Riley’s well-documented lawsuit (not linked here because it features a great deal of personal information) includes screenshots of conversations with the ghostwriting team, which was constantly assigning her to new writers and editors, and ghosting her on scheduled conference calls about progress on the project. Riley said she ended up writing most of the book herself because the work they produced was unusable.

“Finally after months of promising the books were printed and on their way, they show up at my doorstep with the wrong title on the book,” Riley said. When she demanded her money back, she said the people helping her with the website to promote the book locked her out of the site.

A conversation snippet from Leigh Riley’s lawsuit against Talented Ghostwriter, aka 360 Digital Marketing LLC. “Other companies once they have you money they don’t even respond or do anything,” the ghostwriting team manager explained.

Riley decided to sue, naming 360 Digital Marketing LLC and Retrocube LLC, among others. The companies offered to settle the matter for $20,000, which she accepted. “I didn’t have money to hire a lawyer, and I figured it was time to cut my losses,” she said.

Riley said she could have saved herself a great deal of headache by doing some basic research on Talented Ghostwriter, whose website claims the company is based in Los Angeles. According to the California Secretary of State, however, there is no registered entity by that name. Rather, the address claimed by talentedghostwriter[.]com is a vacant office building with a “space available” sign in the window.

California resident Walter Horsting discovered something similar when he sued 360 Digital Marketing in small claims court last year, after hiring a company called Vox Ghostwriting to help write, edit and promote a spy novel he’d been working on. Horsting said he paid Vox $3,300 to ghostwrite a 280-page book, and was upsold an Amazon marketing and publishing package for $7,500.

In an interview, Horsting said the prose that Vox Ghostwriting produced was “juvenile at best,” forcing him to rewrite and edit the work himself, and to partner with a graphical artist to produce illustrations. Horsting said that when it came time to begin marketing the novel, Vox Ghostwriting tried to further upsell him on marketing packages, while dodging scheduled meetings with no follow-up.

“They have a money back guarantee, and when they wouldn’t refund my money I said I’m taking you to court,” Horsting recounted. “I tried to serve them in Los Angeles but found no such office exists. I talked to a salon next door and they said someone else had recently shown up desperately looking for where the ghostwriting company went, and it appears there are a trail of corpses on this. I finally tracked down where they are in Texas.”

It was the same office that Ms. Riley served her lawsuit against. Horsting said he has a court hearing scheduled later this month, but he’s under no illusions that winning the case means he’ll be able to collect.

“At this point, I’m doing it out of pride more than actually expecting anything to come to good fortune for me,” he said.

The following mind map was helpful in piecing together key events, individuals and connections mentioned above. It’s important to note that this graphic only scratches the surface of the operations tied to this group. For example, in Case 2 we can see mention of academic cheating services, wherein people can be hired to take online proctored exams on one’s behalf. Those who hire these services soon find themselves subject to impersonation and blackmail attempts for larger and larger sums of money, with the threat of publicly exposing their unethical academic cheating activity.

A “mind map” illustrating the connections between and among entities referenced in this story.

GOOGLE RESPONDS

KrebsOnSecurity reviewed the Google Ad Transparency links for nearly 500 different websites tied to this network of ghostwriting, logo, app and web development businesses. Those website names were then fed into spyfu.com, a competitive intelligence company that tracks the reach and performance of advertising keywords. Spyfu estimates that between April 2023 and April 2025, those websites spent more than $10 million on Google ads.

Reached for comment, Google said in a written statement that it is constantly policing its ad network for bad actors, pointing to an ads safety report (PDF) showing Google blocked or removed 5.1 billion bad ads last year — including more than 500 million ads related to trademarks.

“Our policy against Enabling Dishonest Behavior prohibits products or services that help users mislead others, including ads for paper-writing or exam-taking services,” the statement reads. “When we identify ads or advertisers that violate our policies, we take action, including by suspending advertiser accounts, disapproving ads, and restricting ads to specific domains when appropriate.”

Google did not respond to specific questions about the advertising entities mentioned in this story, saying only that “we are actively investigating this matter and addressing any policy violations, including suspending advertiser accounts when appropriate.”

From reviewing the ad accounts that have been promoting these scam websites, it appears Google has very recently acted to remove a large number of the offending ads. Prior to my notifying Google about the extent of this ad network on April 28, the Google Ad Transparency network listed over 500 ads for 360 Digital Marketing; as of this publication, that number had dwindled to 10.

On April 30, Google announced that starting this month its ads transparency page will display the payment profile name as the payer name for verified advertisers, if that name differs from their verified advertiser name. Searchengineland.com writes the changes are aimed at increasing accountability in digital advertising.

This spreadsheet lists the domain names, advertiser names, and Google Ad Transparency links for more than 350 entities offering ghostwriting, publishing, web design and academic cheating services.

KrebsOnSecurity would like to thank the anonymous security researcher NatInfoSec for their assistance in this investigation.

For further reading on Abtach and its myriad companies in all of the above-mentioned verticals (ghostwriting, logo design, etc.), see this Wikiwand entry.

from Krebs on Security https://ift.tt/pf2HWQv

CrowdStrike cuts 5% of workforce after revenue jumped 29% last year

CrowdStrike is cutting 5% of its workforce, about 500 positions, telling its staff that it’s shifting resources and realigning its operating model for growth in new market segments, according to a Wednesday filing with the Securities and Exchange Commission.

The company is slashing headcount following a year of significant growth in a strong market. CrowdStrike’s revenue jumped 29% year-over-year to $3.95 billion in fiscal year 2025, which ended Jan. 31. Yet, the company also reported a net loss of $19.3 million in FY25 after reporting net income of $89.3 million the previous year.

CrowdStrike’s growing use of artificial intelligence for internal operations was a factor behind the decision to cut staff in certain roles, according to CEO George Kurtz. “AI flattens our hiring curve, and helps us innovate from idea to product faster,” he said in a letter to employees. “It streamlines go-to-market, improves customer outcomes, and drives efficiencies across both the front and back office. AI is a force multiplier throughout the business.”

The company plans to continue hiring customer-facing and product engineering roles, but layoffs in other areas of the business suggest AI’s ability to automate some tasks and boost productivity has made some roles redundant.

Industry analysts question the extent to which CrowdStrike needed to or chose to point to AI as a factor leading to layoffs.

“We have to be careful that AI isn’t being used as an excuse for some area of the business that is underperforming,” said Neil MacDonald, a vice president and analyst at Gartner. 

“AI tools are used to make a given employee more productive, therefore you don’t need as many people,” MacDonald said. “But if you’re growing, what it means is you don’t have to hire as many [people], but it doesn’t necessarily mean you have to lay people off.”

CrowdStrike is the second-largest provider of endpoint protection, a market segment that drives the bulk of its revenue. Its market share in that segment grew from 20.3% in 2023 to 21.3% in 2024, according to Gartner.

Jeff Pollard, VP and principal analyst at Forrester, said Kurtz’s mention of AI likely came from some AI-related efficiency gains, but noted there’s also an industrywide trend at play. 

“Some amount of AI-washing is now prevalent in every one of these announcements and this is no exception,” he said. “In much the same way that ‘we take privacy and security very seriously’ can be found in every breach disclosure, so too can ‘AI productivity’ in workforce reduction announcements.”

Unfortunately, Pollard said, CrowdStrike’s “obligatory mention of AI” will be widely emulated by other cybersecurity vendors. 

Business leaders across multiple industries say they are looking to use AI to cut their workforce by at least 10% and up to 30%, including customer service, creative and administrative roles, according to Zeus Kerravala, principal analyst at ZK Research. 

“The layoffs are part of a broader set of efficiencies and I’m fully expecting to see more. This was only 5% and I think it’s more indicative of the state of AI rather than the state of cyber,” Kerravala said. 

“The layoffs should be viewed more as the evolution of AI and the changing nature of cyber rather than issues at CrowdStrike,” he added.

Kurtz said the decision to cut staff was predicated on and driven by other factors as well. These include, he said, a push to consolidate more customers on CrowdStrike’s Falcon platform, and multibillion-dollar opportunities in new market segments, such as tools for next-generation security information and event management, identity, cloud and exposure management.

The company’s goals beyond its core business in endpoint protection pose an important question in the face of these layoffs, according to MacDonald. 

CrowdStrike is growing, gaining market share in cloud protection and SIEM last year, he said, but the company is still a relatively small player in those areas, and perhaps it’s not growing as quickly as it hoped in newer market segments.

“The cyber industry is changing with platforms starting to take hold over point products,” Kerravala said. “CrowdStrike will likely have to cut heads as they bring in talent around how to build and monetize platforms.”

The layoffs also come nearly 10 months after a faulty CrowdStrike Falcon security software update caused millions of Microsoft Windows systems to malfunction. That mistake caused major issues for businesses worldwide, and company executives have repeatedly said they need to regain the trust of customers.

CrowdStrike expects to incur up to $53 million in charges related to the layoffs, including severance payments, benefits and stock-based compensation.

“I know this is difficult news and it affects all of us. These decisions were made with care and guided by a clear view of where we need to go,” Kurtz said.

“As we evolve, we are laser-focused on transforming cybersecurity,” he said. “We stop breaches. This mission defines our purpose, unites our team and keeps us focused on what matters most: protecting our customers.”

The post CrowdStrike cuts 5% of workforce after revenue jumped 29% last year appeared first on CyberScoop.

from CyberScoop https://ift.tt/ZqsJOF5

In the works – AWS South America (Chile) Region

Today, Amazon Web Services (AWS) announced plans to launch a new AWS Region in Chile by the end of 2026. The AWS South America (Chile) Region will consist of three Availability Zones at launch, bringing AWS infrastructure and services closer to customers in Chile. This new Region joins the AWS South America (São Paulo) and AWS Mexico (Central) Regions as our third AWS Region in Latin America. Each Availability Zone is separated by a meaningful distance to support applications that need low latency while significantly reducing the risk of a single event impacting availability.


The new AWS Region will bring advanced cloud technologies, including artificial intelligence (AI) and machine learning (ML), closer to customers in Latin America. Through high-bandwidth, low-latency network connections over dedicated, fully redundant fiber, the Region will support applications requiring synchronous replication while giving you the flexibility to run workloads and store data locally to meet data residency requirements.

AWS in Chile
In 2017, AWS established an office in Santiago de Chile to support local customers and partners. Today, there are business development teams, solutions architects, partner managers, professional services consultants, support staff, and personnel in various other roles working in the Santiago office.

As part of our ongoing commitment to Chile, AWS has invested in several infrastructure offerings throughout the country. In 2019, AWS launched an Amazon CloudFront edge location in Chile. This provides a highly secure and programmable content delivery network that accelerates the delivery of data, videos, applications, and APIs to users worldwide with low latency and high transfer speeds.

AWS strengthened its presence in 2021 with two significant additions. First, an AWS Ground Station antenna location in Punta Arenas, offering a fully managed service for satellite communications, data processing, and global satellite operations scaling. Second, AWS Outposts in Chile, bringing fully managed AWS infrastructure and services to virtually any on-premises or edge location for a consistent hybrid experience.

In 2023, AWS further enhanced its infrastructure with two key developments: an AWS Direct Connect location in Chile that lets you create private connectivity between AWS and your data center, office, or colocation environment, and AWS Local Zones in Santiago, placing compute, storage, database, and other select services closer to large population centers and IT hubs. The AWS Local Zone in Santiago helps customers deliver applications requiring single-digit millisecond latency to end users.

The upcoming AWS South America (Chile) Region represents our continued commitment to fueling innovation in Chile. Beyond building infrastructure, AWS plays a crucial role in developing Chile’s digital workforce through comprehensive cloud education initiatives. Through AWS Academy, AWS Educate, and AWS Skill Builder, AWS provides essential cloud computing skills to diverse groups—from students and developers to business professionals and emerging IT leaders. Since 2017, AWS has trained more than two million people across Latin America on cloud skills, including more than 100,000 in Chile.

AWS customers in Chile
AWS customers in Chile have been increasingly moving their applications to AWS and running their technology infrastructure in AWS Regions around the world. With the addition of this new AWS Region, customers will be able to provide even lower latency to end users and use advanced technologies such as generative AI, Internet of Things (IoT), mobile services, banking industry, and more, to drive innovation. This Region will give AWS customers the ability to run their workloads and store their content in Chile.

Here are some examples of customers in Chile using AWS to drive innovation:

The Digital Government Secretariat (SGD) is the Chilean government institution responsible for proposing and coordinating the implementation of the Digital Government Strategy, providing an integrated government approach. SGD coordinates, advises, and provides cross-sector support in the strategic use of digital technologies, data, and public information to improve state administration and service delivery. To fulfill this mission, SGD relies on AWS to operate critical digital platforms including Clave Única (single sign-on), FirmaGob (digital signature), the State Electronic Services Integration Platform (PISEE), DocDigital, SIMPLE, and the Administrative Procedures and Services Catalog (CPAT), among others.

Transbank, Chile’s largest payment solutions ecosystem managing the largest percentage of national transactions, used AWS to significantly reduce time-to-market for new products. Moreover, Transbank implemented multiple AWS-powered solutions, enhancing team productivity and accelerating innovation. These initiatives showcase how financial technology companies can use AWS to drive innovation and operational efficiency. “The new AWS Region in Chile will be very important for us,” said Jorge Rodríguez M., Chief Architecture and Technology Officer (CA&TO) of Transbank. “It will further reduce latency, improve security and expand the possibilities for innovation, allowing us to serve our customers with new and better services and products.”

To learn more about AWS customers in Chile, visit AWS Customer Success Stories.

AWS sustainability efforts in Chile
AWS is committed to water stewardship in Chile through innovative conservation projects. In the Maipo Basin, which provides essential water for the Metropolitan Santiago and Valparaiso regions, AWS has partnered with local farmers and climate-tech company Kilimo to implement water-saving initiatives. The project involves converting 67 hectares of agricultural land from flood to drip irrigation, which will save approximately 200 million liters of water annually.

This water conservation effort supports the AWS commitment to be water positive by 2030 and demonstrates our dedication to environmental sustainability in the communities where AWS operates. The project uses efficient drip irrigation systems that deliver water directly to plant root systems through a specialized pipe network, maximizing water efficiency for agricultural use. To learn more about this initiative, read our blog post AWS expands its water replenishment program to China and Chile—and adds projects in the US and Brazil.

AWS community in Chile
The AWS community in Chile is one of the most active in the region, comprising AWS Community Builders, two AWS User Groups (AWS User Group Chile and AWS Girls Chile), and an AWS Cloud Club. These groups hold monthly events and have organized two AWS Community Days. At the first Community Day, held in 2023, we had the honor of having Jeff Barr as the keynote speaker.

Chile AWS Community Day 2023

Stay tuned
We’ll announce the opening of this and the other Regions in future blog posts, so be sure to stay tuned! To learn more, visit the AWS Region in Chile page.

Eli

Thanks to Leonardo Vilacha for the Chile AWS Community Day 2023 photo.



from AWS News Blog https://ift.tt/P7H05cR
via IFTTT

Top 10 Cloud Security Mitigation Tactics

As businesses continue to migrate operations and data to the cloud, securing cloud environments has become more critical than ever. Cloud security threats are dynamic and complex, making proactive mitigation tactics essential to protect sensitive data, ensure compliance, and maintain business continuity. Below are ten proven tactics organizations should employ to mitigate cyber threats in cloud environments.

1. Implement Strong Identity and Access Management (IAM)

IAM is the first line of defense in cloud security. Use multi-factor authentication (MFA), enforce least privilege principles, and regularly audit user roles and permissions. Centralized IAM helps ensure that only the right individuals have access to the right resources.

2. Encrypt Data at Rest and in Transit

Data should always be encrypted—whether it’s being stored or transmitted. Use strong encryption protocols such as AES-256 and TLS 1.2/1.3. Ensure encryption keys are managed securely, preferably through hardware security modules (HSMs) or a key management service (KMS).

3. Conduct Regular Security Audits and Penetration Testing

Regular audits and penetration tests help identify vulnerabilities before attackers can exploit them. These assessments should include code reviews, infrastructure scans, and configuration checks across all cloud services.

4. Enable Continuous Monitoring and Logging

Monitoring tools should be in place to detect anomalies and potential breaches in real time. Services like AWS CloudTrail, Azure Monitor, or Google Cloud’s Operations Suite offer robust visibility into activities across your cloud infrastructure.

5. Harden Cloud Configurations

Misconfigured cloud resources are one of the most common causes of breaches. Use automated tools like AWS Config, Azure Security Center, or open-source solutions like ScoutSuite to continuously validate and harden your environment against insecure settings.

6. Apply the Principle of Least Privilege (PoLP)

Ensure users and applications have only the access they need. This minimizes the risk of lateral movement in case an account is compromised. Implement granular access controls and isolate critical workloads whenever possible.

7. Regularly Patch and Update Systems

Outdated software and unpatched vulnerabilities are easy targets for attackers. Automate patch management and ensure all components—from VMs to containers and third-party applications—are up to date.

8. Use Firewalls and Network Segmentation

Network security remains vital. Use cloud-native firewalls, security groups, and network access control lists (ACLs) to filter traffic. Segment networks by environment (e.g., dev, test, prod) and by application type to limit the blast radius of potential attacks.

9. Implement a Strong Incident Response Plan

Have a well-documented and tested incident response (IR) plan specific to cloud services. This plan should define roles, communication protocols, and procedures for identifying, containing, and recovering from a breach.

10. Educate and Train Your Workforce

Human error is a persistent risk. Regular training and awareness programs can prevent phishing, social engineering, and accidental misconfigurations. Include cloud security best practices in onboarding and ongoing education.

Conclusion

Cloud security is a shared responsibility between providers and customers. By applying these ten mitigation tactics, organizations can significantly reduce their exposure to threats and maintain a strong cloud security posture. As technology evolves, staying informed and agile is just as important as any tool or policy.

The post Top 10 Cloud Security Mitigation Tactics first appeared on Cybersecurity Insiders.


from Cybersecurity Insiders https://ift.tt/9osPMYC
via IFTTT

Accelerate the transfer of data from an Amazon EBS snapshot to a new EBS volume

Today we are announcing the general availability of Amazon Elastic Block Store (Amazon EBS) Provisioned Rate for Volume Initialization, a feature that accelerates the transfer of data from an EBS snapshot, a highly durable backup of volumes stored in Amazon Simple Storage Service (Amazon S3), to a new EBS volume.

With Amazon EBS Provisioned Rate for Volume Initialization, you can create fully performant EBS volumes within a predictable amount of time. You can use this feature to speed up the initialization of hundreds of concurrent volumes and instances. You can also use this feature when you need to recover from an existing EBS Snapshot and need your EBS volume to be created and initialized as quickly as possible. You can use this feature to quickly create copies of EBS volumes with EBS Snapshots in a different Availability Zone, AWS Region, or AWS account. Provisioned Rate for Volume Initialization for each volume is charged based on the full snapshot size and the specified volume initialization rate.

This new feature expedites the volume initialization process by fetching the data from an EBS Snapshot to an EBS volume at a consistent rate that you specify, between 100 MiB/s and 300 MiB/s. This volume initialization rate is the rate at which the snapshot blocks are downloaded from Amazon S3 to the volume.

By specifying the volume initialization rate, you can create a fully performant volume in a predictable time, which increases operational efficiency and gives you visibility into the expected time of completion. If you run utilities like fio or dd to expedite volume initialization for workflows such as application recovery and volume copy for testing and development, this feature removes the operational burden of managing such scripts and brings consistency and predictability to your workflows.

Get started with specifying the volume initialization rate
To get started, you can choose the volume initialization rate when you launch your EC2 instance or create your volume from the snapshot.

1. Create a volume in the EC2 launch wizard
When launching new EC2 instances in the launch wizard of EC2 console, you can enter a desired Volume initialization rate in the Storage (volumes) section.

You can also set the volume initialization rate when creating and modifying the EC2 Launch Templates.

In the AWS Command Line Interface (AWS CLI), you can add the VolumeInitializationRate parameter to the block device mappings when you call the run-instances command.

aws ec2 run-instances \
    --image-id ami-0abcdef1234567890 \
    --instance-type t2.micro \
    --subnet-id subnet-08fc749671b2d077c \
    --security-group-ids sg-0b0384b66d7d692f9 \
    --key-name MyKeyPair \
    --block-device-mappings file://mapping.json

Contents of mapping.json. This example adds an empty EBS volume with a size of 8 GiB at /dev/sdh.

[
    {
        "DeviceName": "/dev/sdh",
        "Ebs": {
            "VolumeSize": 8,
            "VolumeType": "gp3",
            "VolumeInitializationRate": 300
        }
    }
]

To learn more, visit block device mapping options, which defines the EBS volumes and instance store volumes to attach to the instance at launch.

2. Create a volume from snapshots
When you create a volume from snapshots, you can also choose Create volume in the EC2 console and specify the Volume initialization rate.

Confirm your new volume with the initialization rate.

In the AWS CLI, you can use the VolumeInitializationRate parameter when calling the create-volume command.

aws ec2 create-volume --region us-east-1 --cli-input-json '{
    "AvailabilityZone": "us-east-1a",
    "VolumeType": "gp3",
    "SnapshotId": "snap-07f411eed12ef613a",
    "VolumeInitializationRate": 300
}'

If the command is run successfully, you will receive the result below.

{
    "AvailabilityZone": "us-east-1a",
    "CreateTime": "2025-01-03T21:44:53.000Z",
    "Encrypted": false,
    "Size": 100,
    "SnapshotId": "snap-07f411eed12ef613a",
    "State": "creating",
    "VolumeId": "vol-0ba4ed2a280fab5f9",
    "Iops": 300,
    "Tags": [],
    "VolumeType": "gp2",
    "MultiAttachEnabled": false,
    "VolumeInitializationRate": 300
}

You can also set the volume initialization rate when replacing root volumes of EC2 instances and provisioning EBS volumes using the EBS Container Storage Interface (CSI) driver.

After the volume is created, EBS keeps track of the hydration progress and publishes an Amazon EventBridge notification for EBS to your account when the hydration completes, so that you can be certain when your volume is fully performant.

To learn more, visit Create an Amazon EBS volume and Initialize Amazon EBS volumes in the Amazon EBS User Guide.
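A pre-flight check for the block device mappings and rates used above, as an added example that is not part of the original post. It validates a mapping document against the 100 to 300 MiB/s range and estimates initialization time; the sample documents are constructed, and the estimate assumes the full snapshot size is transferred at exactly the specified rate.

```python
import json

# Range stated in the announcement: 100 to 300 MiB/s.
MIN_RATE, MAX_RATE = 100, 300

# Constructed sample inputs (not from the post). BROKEN drops a comma.
BROKEN = """[
  {"DeviceName": "/dev/sdh",
   "Ebs": {"VolumeSize": 8
           "VolumeType": "gp3", "VolumeInitializationRate": 300}}
]"""
OUT_OF_RANGE = """[
  {"DeviceName": "/dev/sdh",
   "Ebs": {"SnapshotId": "snap-EXAMPLE", "VolumeInitializationRate": 500}},
  {"DeviceName": "/dev/sdi",
   "Ebs": {"SnapshotId": "snap-EXAMPLE", "VolumeInitializationRate": 200}}
]"""


def rate_problem(rate):
    """Return a message if rate is not an integer in the supported range."""
    if isinstance(rate, bool) or not isinstance(rate, int):
        return f"rate must be an integer number of MiB/s, got {rate!r}"
    if not MIN_RATE <= rate <= MAX_RATE:
        return f"rate {rate} MiB/s is outside {MIN_RATE}-{MAX_RATE} MiB/s"
    return None


def check_mappings(text):
    """Validate a block-device-mappings JSON document; return problems found."""
    try:
        mappings = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(mappings, list):
        return ["top level must be a JSON array of mappings"]
    problems = []
    for index, mapping in enumerate(mappings):
        if not isinstance(mapping, dict):
            problems.append(f"mapping #{index}: not a JSON object")
            continue
        ebs = mapping.get("Ebs")
        if not isinstance(ebs, dict) or "VolumeInitializationRate" not in ebs:
            continue  # no rate set for this device, nothing to check
        message = rate_problem(ebs["VolumeInitializationRate"])
        if message:
            device = mapping.get("DeviceName", f"mapping #{index}")
            problems.append(f"{device}: {message}")
    return problems


def estimate_seconds(snapshot_gib, rate):
    """Estimated initialization time in seconds (idealised: full snapshot
    size moved at exactly the specified rate)."""
    message = rate_problem(rate)
    if message:
        raise ValueError(message)
    return snapshot_gib * 1024 / rate


if __name__ == "__main__":
    for name, doc in (("BROKEN", BROKEN), ("OUT_OF_RANGE", OUT_OF_RANGE)):
        print(name, check_mappings(doc))
    for rate in (MIN_RATE, MAX_RATE):
        minutes = estimate_seconds(100, rate) / 60
        print(f"100 GiB at {rate} MiB/s: about {minutes:.1f} min")
```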

Now available
Amazon EBS Provisioned Rate for Volume Initialization is now available and supported for all EBS volume types today. You will be charged based on the full snapshot size and the specified volume initialization rate. To learn more, visit the Amazon EBS Pricing page.

To learn more about Amazon EBS including this feature, take the free digital course on the AWS Skill Builder portal. The course includes use cases, architecture diagrams, and demos.

Give this feature a try in the Amazon EC2 console today and send feedback to AWS re:Post for Amazon EBS or through your usual AWS Support contacts.

— Channy



from AWS News Blog https://ift.tt/rbuLpV4
via IFTTT

Strengthening Cybersecurity in the Vulnerable Educational System

School systems may not immediately come to mind as targets for cybersecurity attacks. However, threat actors have increasingly turned their attention to them, recognizing that the extensive digital infrastructure supporting schools contains a wealth of sensitive information that can be stolen or exploited for financial gain.

It was reported earlier this year that hackers stole private data of over 700,000 current and former Chicago Public Schools (CPS) students in a ransomware attack, subsequently posting it on the Dark Web. Exploiting a vulnerability in a technology vendor’s software that CPS was using to share data, hackers accessed a server and compromised information from the district and over 60 other organizations nationwide. The stolen data included students’ names, birth dates, genders, and CPS student ID numbers.

There was also the PowerSchool breach that is currently on track to become one of the biggest breaches of the year. The company stated that hackers used compromised credentials to breach its customer support portal, further allowing access to the company’s school information system, which houses sensitive information such as student records, grades, attendance, and enrollment.

Teachers, administrators, students, and even parents/guardians urgently need to reduce the likelihood of a cyberattack, no matter the time of year. With the right tools, skills, and awareness, school districts can strengthen their cybersecurity posture and remain well-protected from the evolving threat landscape.

Much like the business sector, the education system has integrated digital infrastructure to support day-to-day activities and administrative duties. Students rely on computers to complete and submit assignments, teachers use them to manage their students’ progress, and administrators depend on them for communication, analytics, and record-keeping. This reliance on technology has resulted in school districts accumulating a massive reserve of personal and sensitive information, including phone numbers, email addresses, social security numbers, and even medical records and credit card information—all of which can be exploited by threat actors.

Many high-ranking members within the education system fail to realize what a treasure trove the data within their systems could turn out to be to a cybercriminal. As a result, many school districts lack the necessary cybersecurity infrastructure, training programs, and general awareness to stay protected against attacks. This vulnerability has led threat actors to target schools, hoping to exploit under-protected systems and easily hijack valuable data.

School districts with inadequate cybersecurity measures and training programs are much more vulnerable to sophisticated network attacks or software exploits. However, the lack of cyber defense training among both students and staff poses an even greater risk for successful social engineering or phishing exploits. As a result, attacks are easier to execute, allowing threat actors to hijack private credentials or attach viruses, malware, or ransomware to seemingly innocent communications.

Although summer vacation is approaching and the semester will soon come to a close, it is imperative that school districts integrate a new wave of cybersecurity operations into their systems, because these issues could arise at any time. Meanwhile, threat actors are likely to target school infrastructure and unsuspecting users in hopes of an easy payday. With this in mind, schools should take proactive steps to safeguard against cyber threats, both through robust cybersecurity infrastructure and comprehensive, ongoing school-wide training.

First, school districts must implement fundamental cybersecurity measures as a baseline level of protection. This includes next-gen, AI-powered email security solutions, advanced threat detection and response, endpoint security, patch management, as well as strong passwords backed with multi-factor authentication (MFA). Phishing-resistant MFA is also highly useful for all official school accounts.

Secondly, school districts must ensure that all private and sensitive information is securely backed up with immutable storage. In the event of a breach or a ransomware attack, or if systems become compromised, districts can be reassured that stored data isn’t lost. Properly storing data also prevents threat actors from extorting school districts, as the districts have access to backed-up data even if the original versions are rendered inaccessible.

Lastly, it is critical to foster a student body and administration that is knowledgeable about cybersecurity best practices. Through regular training and thorough awareness programs, school districts can create a “human firewall” that significantly reduces the likelihood of a successful attack.

To build an effective human firewall, school districts can adopt the ‘mindset-skillset-toolset’ triad:

  • Mindset – Raise awareness among students and staff about growing cyber threats
  • Skillset – Combine awareness training with simulations for workers and students
  • Toolset – Incorporate tools that support secure behavior by employees and students

This approach should be applied holistically, but it’s important to note that specific demographics require tailored approaches to training. Key differences to consider include:

  • Students, teachers, and administrators use devices and accounts for specific purposes, with some handling more sensitive information than others.
  • Faculty and administrators, who regularly use school devices, likely have the most up-to-date software and protection from private Wi-Fi and Ethernet connections. However, their contact information is often publicly available on school websites, making them particularly high-risk targets.
  • Parents and guardians are less likely to use school devices but should be educated about cyber risks to help their children understand potential dangers and serve as a resource if suspicious activity occurs. 
  • School districts need to implement age-appropriate training that teachers and parents/guardians can ensure is closely followed both in class and at home, with the sophistication of training gradually increasing for older age groups.

School systems may be at a higher risk of cyber attacks than ever before, but they are not powerless to prevent threat actors from disrupting their activities. By implementing robust security infrastructure, fostering awareness, and providing regular training, school systems can ensure that their students and staff are prepared to mitigate any potential cyber threats at any point throughout the school year.


Daniel Blank, COO at Hornetsecurity

Daniel Blank has over 15 years of experience selling complex IT products, and 13 years of various managerial positions in the cloud security environment. Daniel joined Hornetsecurity in 2010 as Key Account Manager, quickly becoming Director of Sales, and finally assuming the role of COO in 2014. Today, Daniel is responsible for Sales, Presales/ Education, and Human Resources at Hornetsecurity.

The post Strengthening Cybersecurity in the Vulnerable Educational System first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/OSWeotc
via IFTTT

Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data.
“While these ‘plug-and-play’ options greatly simplify the setup process, they often prioritize ease of use over security,” Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team

from The Hacker News https://ift.tt/7TAUZXa
via IFTTT

Entra ID Data Protection: Essential or Overkill?

Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role — managing authentication, enforcing policy, and connecting users across distributed environments.
That prominence also

from The Hacker News https://ift.tt/2jpOCA7
via IFTTT