Keeping K-12 Cybersecure–the newsletter of the K-12 Cybersecurity Resource Center–curates the best cybersecurity and privacy news for K-12 policymakers, administrators, IT professionals, vendors, and privacy advocates. The latest edition (“Phocus on Phishing“) provides information on recent updates to the K-12 Cyber Incident Map, other additions to the Resource Center, and curated news you can use.
Here’s your reading list for articles published since the last newsletter (January 22):
- Phocus on Phishing: “Teachers are trusting people. They care about kids, they want to do the best for them, and they trust people.” They also are quite likely to click on phishing emails and disclose sensitive data (“Phishing attacks challenging teachers, says Utah ed director“). No surprise then that scammers are increasingly targeting K-12 schools with mass email phishing attacks, such as gift card scams (“Phishing Scheme Targets Professors’ Desire to Please Their Deans — All for $500 in Gift Cards“) and direct deposit scams (“Phishing scam may target your direct deposits“). Thankfully, these attacks can be thwarted with a combination of technical controls, strong policies, and user training and awareness (“Soda Springs school district avoids fraud scam“). One new tool that may help (via Motherboard): “Google Made a Quiz to See if You Can Identify Phishing Emails“. Direct link: https://phishingquiz.withgoogle.com/. I went 8 for 8, but its not easy. Be sure to read the context provided for each scenario.
- Guilty or Not Guilty? A Mount Zion (IL) high school student pleads not guilty to computer hacking charges to avoid homework, while FBI agents in North Carolina charged ‘hackers’ with making hundreds of hoax bomb threats to schools.
- Cybersecurity is a global concern, including for schools: In Australia, edtech provider SkoolBag is accused of a data breach (“SkoolBag secure says MOQ, after user creds found in massive dump“), while in the Netherlands, Magister suffered an extended denial-of-service attack (“School System Hit by DDoS Attack; Hundreds of Schools Affected“). And speaking of email phishing targeted to schools: “[UK] School says no data compromised by ‘random’ email phishing attempt.”
- Yet another reason why password managers are good and password re-use is bad (via Wired): “Hacker Lexicon: What Is Credential Stuffing?“
- Via REN-ISAC (the Research Education Networking Information Sharing & Analysis Center): A GitHub repository entitled, “Security-Focused Office 365 Management and Log Scripts for Education.” Looks to be useful stuff.
Be sure to check out the full newsletter and sign-up to ensure you get all the latest news direct to your inbox. And, as always, please contact us with any feedback, tips, or suggestions.