#AxisOfEasy 391: PowerSchool Data Breach Exposes Millions Of Students But Hides Key Details


Weekly Axis Of Easy #391


Last Week’s Quote was: “We are all born mad. Some remain so,”  was by  Samuel Beckett.  No one got it.

This Week’s Quote:  “You can’t create wealth by sharing poverty. There is no way you can do that miracle. Not even by the magicians of communism.” By ???

THE RULES:  No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of March 10th 2025 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

 


In this issue: 

  • PowerSchool Data Breach Exposes Millions of Students but Hides Key Details
  • Garantex Crypto Exchange Busted in Massive Money Laundering Crackdown
  • Hackers Use Fake Trump Crypto to Hijack Computers in Minutes
  • Massive Cyberattack Hits X Elon Musk Blames It on Mysterious Foreign Hackers
  • Elon Musk’s Legal War With Media Matters Takes a Major Hit
  • DNSSEC Visualization Tool Added To DomainHelp

Elsewhere Online:

  • TP-Link Router Vulnerability Used in Ballista IoT Botnet Attacks
  • Win32 Kernel Vulnerability Exploited for Two Years Discovered
  • Facebook Ads Used to Spread Cryptocurrency Stealing Malware
  • Apple Releases Security Update for Critical WebKit Flaw
  • Vulnerabilities Found in AI Security Tool Picklescan

 

PowerSchool Data Breach Exposes Millions of Students but Hides Key Details

PowerSchool, a major K-12 software provider, suffered a massive data breach in December 2024. The hacker accessed the company’s student information system, potentially exposing millions of students and teachers across North America.

Despite hiring cybersecurity firm CrowdStrike, PowerSchool has not revealed the exact number of affected individuals. Reports suggest over 62 million students’ personal data may have been compromised.

Schools report losing “all” historical student and teacher data, including sensitive records like medical information and parental access rights. Affected districts are investigating the breach themselves due to PowerSchool’s silence.

The company also negotiated with the hacker but won’t confirm if a ransom was paid. “PowerSchool does not anticipate the data being shared,” spokesperson Beth Keebler claimed, but the company refuses to show proof.

CrowdStrike’s forensic report revealed a hacker had access since August 2024, raising concerns about the company’s security measures.

Read: https://techcrunch.com/2025/03/10/what-powerschool-isnt-saying-about-its-massive-student-data-breach/

 

Garantex Crypto Exchange Busted in Massive Money Laundering Crackdown

Authorities from the U.S., Germany, and Finland shut down Garantex, a cryptocurrency exchange accused of laundering billions. Two key figures, Aleksej Besciokov and Aleksandr Mira Serda, face charges in Virginia.

Law enforcement seized Garantex’s websites, servers, and $28 million in crypto. The exchange allegedly processed $96 billion in transactions, facilitating hacking, ransomware, and terrorism financing.

Besciokov, the technical administrator, and Mira Serda, the co-founder, allegedly helped criminals evade sanctions. “They provided incomplete information to Russian law enforcement,” investigators claim.

Despite U.S. sanctions in 2022, Garantex continued operating by changing wallet addresses. Clients reportedly included North Korea’s Lazarus Group and Russian oligarchs.

A public appeal urges victims to come forward as the case unfolds.

Read: https://hackread.com/garantex-crypto-exchange-seized-2-charged-laundering/

Hackers Use Fake Trump Crypto to Hijack Computers in Minutes

Cybercriminals are using fake Binance emails to lure users into downloading “TRUMP” meme coins. The emails claim users can earn up to 2,000 coins, but instead, they install the ConnectWise RAT malware.


According to Cofense, hackers can take control of a victim’s device in under two minutes. “The threat actors … are eagerly monitoring infections,” said Max Gannon from Cofense’s Intelligence Team.


The phishing emails mimic Binance’s branding and even include a “risk warning” to appear legitimate. Clicking the download link leads to an infected Binance app that steals saved passwords and grants remote access.

Experts warn that fake crypto offers are common, especially tied to trending events like Donald Trump’s presidency. “Cybercriminals enhance credibility by aligning scams with current events,” said Jason Soroko from Sectigo.

Users should avoid clicking on unsolicited crypto deals. Cofense has shared indicators of compromise to help organizations detect infections.

Read: https://www.darkreading.com/cyberattacks-data-breaches/binance-spoofers-compromise-pcs-trump-crypto-scam


Massive Cyberattack Hits X Elon Musk Blames It on Mysterious Foreign Hackers

Elon Musk confirmed that X suffered a massive cyberattack on March 10, 2025. He stated that the attack’s IP addresses originated in the Ukraine area. The incident briefly disrupted service across the U.S. East Coast.

Musk suggested the attack required “a lot of resources” and could be linked to a “coordinated group and/or a country.” His team is actively tracing its origins.

The hacking group Dark Storm Team claimed responsibility for a DDoS attack. X was offline for 30 to 45 minutes but is now operational. Further details are expected as investigations continue.

Read: https://www.zerohedge.com/technology/x-suffers-outage-nationwide

 

Elon Musk’s Legal War With Media Matters Takes a Major Hit

Media Matters for America (MMFA) is fighting back against Elon Musk’s lawsuits against the organization. On Monday, MMFA filed a complaint in a San Francisco court, arguing that X violated its own terms of service by suing in Texas, Dublin, and Singapore. The TOS states that any legal disputes must be handled in San Francisco.

“X Corp.’s decision to file in multiple jurisdictions across the globe is intended to chill Media Matters’ reporting and drive up costs,” MMFA claimed.

Musk sued MMFA over its report showing X ads appearing next to Nazi-related posts, which allegedly caused an ad boycott. MMFA argues Musk is punishing them for exposing flaws in X’s content moderation.

MMFA has spent millions fighting these lawsuits. If the court rules in MMFA’s favor, X may owe damages for filing outside the agreed venue. The legal battle comes as X struggles with declining ad revenue and financial instability.

Read: https://arstechnica.com/tech-policy/2025/03/xs-globe-trotting-defense-of-ads-on-nazi-posts-violates-tos-media-matters-says/


DNSSEC Visualization Tool Added To DomainHelp

In case you haven’t noticed the new DomainHelp website  (this used to be our “easyWhois”), we’ve been adding new tools, like an SPF Flattener, a “DNS Twister” and most recently: a DNSSEC visualization tool.

It uses the DNSViz open source framework, but now if you’re looking up something else on DomainHelp, it saves you a trip.

Try it: https://app.domainhelp.com/dnssec-report



Elsewhere Online:

 

TP-Link Router Vulnerability Used in Ballista IoT Botnet Attacks
Read: https://www.darkreading.com/cyberattacks-data-breaches/ballista-botnet-campaign-exploits-2023-vuln-tp-link-routers


Win32 Kernel Vulnerability Exploited for Two Years Discovered
Read: https://www.securityweek.com/newly-patched-windows-zero-day-exploited-for-two-years/


Facebook Ads Used to Spread Cryptocurrency Stealing Malware
Read: https://www.darkreading.com/cyberattacks-data-breaches/hot-button-facebook-ads-middle-east-africa-victims


Apple Releases Security Update for Critical WebKit Flaw
Read: https://thehackernews.com/2025/03/apple-releases-patch-for-webkit-zero.html


Vulnerabilities Found in AI Security Tool Picklescan
Read: https://hackread.com/picklescan-vulnerabilities-bypass-ai-security-checks/

If you missed the previous issues, they can be read online here:

 

Leave a Reply

Your email address will not be published. Required fields are marked *