This is your easyDNS #AxisOfEasy Briefing for the week of January 20th  2025 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the 'net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

In this issue: 

• Clearview AI Faces Legal Setback in Canada Over Unlawful Biometric Data Practices
• Global Phishing Scheme Targets Google Ads Users, Exploits Platform Vulnerabilities
• Google Search Hits Decade-Low Market Share Amid Rising Competition and Changing User Habits
• Decades of Student Data Exposed in Toronto District School Board Breach
• Major Cybersecurity Vendors Exposed: Thousands of Credentials Leaked on Dark Web

Elsewhere Online:

Clearview AI Faces Legal Setback in Canada Over Unlawful Biometric Data Practices

Clearview AI, a facial recognition company, suffered a legal defeat in Canada when the Supreme Court of British Columbia upheld an Information and Privacy Commissioner’s order. The order prohibits Clearview from collecting, using, and selling biometric facial data in British Columbia without individuals’ consent. It also mandates the deletion of existing data and cessation of data-gathering practices, including the use of its automated “image crawler” that harvests publicly available photos online. This decision underscores growing privacy concerns about facial recognition technology and its implications for data security, free speech, and consent.

Clearview AI markets itself as an investigative tool aiding law enforcement in identifying suspects, witnesses, and victims. However, privacy advocates criticize its practices as emblematic of unchecked facial surveillance, noting the absence of consent mechanisms and the scale of data collection. The company’s database reportedly includes over three billion photos of Canadians, including children, among a total of 50 billion images worldwide.

Clearview argued the order was “unreasonable,” claiming it could not identify Canadian residents from its data and that public availability of images exempts it from privacy violations. The court rejected this, finding the order reasonable and noting Clearview complies with stricter privacy laws, like Illinois’ Biometric Information Privacy Act (BIPA), elsewhere.

Read: https://reclaimthenet.org/canadian-court-upholds-ban-on-clearview-ais-unconsented-facial-data-collection-in-british-columbia

Global Phishing Scheme Targets Google Ads Users, Exploits Platform Vulnerabilities

Cybercriminals are exploiting Google Ads by deploying fraudulent advertisements impersonating the platform to steal advertiser credentials. These schemes involve redirecting victims to fake login pages hosted on Google Sites, exploiting domain-matching rules to appear legitimate. Once victims click, phishing kits harvest usernames, passwords, cookies, geolocation, and ISP details, enabling attackers to seize accounts, spend ad budgets, add malicious administrators, and lock out rightful owners. Stolen accounts fuel further malvertising, scams, and malware distribution, with some sold on blackhat forums.

Three groups orchestrate these attacks. The most prolific, Portuguese-speaking actors likely based in Brazil, maintain continuous malicious ad presence despite takedowns, evident from JavaScript code in phishing kits. A second group, from Asia, potentially Hong Kong or China, uses similar delivery methods but with distinct phishing tools. A third, suspected Eastern European group, avoids Google Sites, using obfuscated fake CAPTCHA lures to execute phishing campaigns.

Victims span advertisers managing substantial ad budgets, vulnerable due to limited defenses and ad-blocker use. Reports from forums and social media confirm widespread impact. Google’s response remains insufficient, as compromised accounts persist despite policies. While Google earns revenue from malicious ads, advertisers face financial loss and reputational damage, emphasizing the need for robust security measures to disrupt this global, multifaceted operation.

Read: https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads


Google Search Hits Decade-Low Market Share Amid Rising Competition and Changing User Habits

Google Search, long the undisputed leader in search engines, has dropped below a 90% global market share for three consecutive months, its lowest in a decade. The last sustained dip of this magnitude occurred in early 2015. Data from StatCounter, which tracks trends across millions of websites, underscores this decline, though the methodology isn’t flawless.

A mix of competitive and behavioral shifts is driving this erosion. The generative AI surge has introduced formidable competitors like OpenAI’s ChatGPT and Perplexity, offering innovative search experiences. Privacy-conscious users are migrating to alternative engines, with slight gains recorded for Bing, Yahoo, and Yandex. These platforms, though still fluctuating, are carving out niches as Google contracts.

TikTok is also disrupting search norms, particularly among younger users who increasingly treat it as a primary information source. TikTok’s impact is so pronounced that it tested linking Google Search within its app, while Google began sourcing TikTok content in early 2024 to retain relevance.

This decline reflects broader shifts in user preferences and technology adoption. While Google remains dominant, the rise of AI-driven platforms and unconventional search methods highlights the fragility of its once-unassailable position, marking a pivotal moment in the evolution of search engine dynamics.

Read: https://9to5google.com/2025/01/15/google-search-market-share-2024-low-point/

Decades of Student Data Exposed in Toronto District School Board Breach

The Toronto District School Board (TDSB), Canada’s largest, serving 240,000 students annually, suffered a data breach exposing 40 years of student records via PowerSchool, a platform used to store historical information for alumni requests. The breach affected all students enrolled between September 1985 and December 2024, compromising sensitive personal data, including names, addresses, dates of birth, and phone numbers. More recent records from 2017 also included contact information for parents and guardians, significantly broadening the scope of exposure.

TDSB disclosed that PowerSchool informed them of alleged confirmation from hackers that the stolen data had been deleted, but PowerSchool has not clarified the nature or reliability of this assurance. The incident raises questions about data retention policies, cybersecurity protocols, and the risks of maintaining decades-old records, especially given their potential value to malicious actors.

Despite notifying affected parties, the board has not detailed measures to prevent future breaches, leaving uncertainty about how it will rebuild trust. The breach highlights vulnerabilities in safeguarding educational data and underscores the risks of third-party dependencies like PowerSchool. With sensitive information at stake, the lack of clarity and concrete action amplifies concerns for the security of student, parent, and guardian records, both historical and ongoing.

Read: https://techcrunch.com/2025/01/21/toronto-school-district-says-40-years-of-student-data-stolen-in-powerschool-breach/

Major Cybersecurity Vendors Exposed: Thousands of Credentials Leaked on Dark Web

Cyble's January 22 report reveals the exposure of thousands of account credentials belonging to 14 major cybersecurity vendors, including McAfee, CrowdStrike, Palo Alto Networks, Fortinet, and Zscaler, on the dark web. These credentials, leaked since early 2025, were likely stolen from infostealer logs and sold on cybercrime marketplaces for as little as $10. The exposed data spans internal accounts and customer access, indicating that both vendor employees and clients are affected. The credentials are associated with vulnerable web-facing access points, such as web consoles and single sign-on (SSO) logins, although Cyble did not verify their validity.

Cyble traces the leaks to compromised internal systems, such as password managers, authentication platforms, device management tools, and popular services like Okta, GitHub, AWS, Microsoft Online, Salesforce, SolarWinds, Box, WordPress, Oracle, and Zoom. While some exposed accounts may be protected by multifactor authentication (MFA), Cyble stresses that dark web monitoring is critical to preventing larger cyberattacks. With over 600 credentials exposed at McAfee, more than 300 at CrowdStrike, and nearly 400 at Palo Alto, Cyble underscores the vulnerability of even top cybersecurity firms, warning that any organization is susceptible to similar breaches.

Read: https://www.infosecurity-magazine.com/news/cybersecurity-vendors-credentials/

Elsewhere Online:

Researchers Warn of Phishing Dangers Linked to Zendesk
Read: https://www.infosecurity-magazine.com/news/zendesk-subdomains-facilitate/

Mirai-Variant Botnet Launches Massive 5.6 Tbps DDoS Attack
Read: https://hackread.com/cloudflare-mitigates-5-6-tbps-mirai-ddos-attack/

ESET Uncovers PlushDaemon APT Attack on South Korean VPN
Read: https://www.infosecurity-magazine.com/news/plushdaemon-apt-targeted-south/

Sophos Warns of Rising Microsoft 365 Ransomware Attacks
Read: https://www.darkreading.com/cyberattacks-data-breaches/email-bombing-vishing-tactics-abound-microsoft-365-attacks

Advanced Tycoon 2FA Kit Leverages Obfuscation to Evade Detection
Read: https://www.infosecurity-magazine.com/news/tycoon-2fa-phishing-kit-upgraded/