How ShinyHunters hacked the world's biggest universities

Welcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas's parent company refused to pay and announced they had deployed "security patches" instead, the hackers were less than impressed. So they came back through the cat flap.

Meanwhile, a famous finance expert's face has been showing up on Facebook adverts promising hot stock tips and exclusive WhatsApp investment groups. Spoiler: it isn't him, the tips aren't real, and you're about to be scammed.

Plus we chat to Mike Nichols of Elastic, about how the SOC isn't dying, attackers and defenders are both deploying AI agents, and how the real security crisis is no longer human users - it's the bots acting on their behalf.

All this and more in episode 467 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Danny Palmer.

EPISODE LINKS:

• ICO fines South Staffordshire £963K over 2022 breach - The Register.
• US bank reports itself after AI customer data mishap - The Register.
• Hackers abuse Google ads, Claude.ai chats to push Mac malware - Bleeping Computer.
• Canvas hack: What we know about apparent cyberattack that impacted thousands of schools - CNN.
• Canvas hack: Company pays criminals to delete students' stolen data - BBC News.
• Post by @amosmagliocco.bsky.social - Bluesky.
• Post by @sethcotlar.bsky.social - Bluesky.
• The Architecture of Deception: How a $187 Million Fraud Ecosystem Exploits Trust Across Australia and the United States - Group IB.
• The Fake Nobel that Duped the Romanian Academy - Scena9.
• A (Very) Short History of Life On Earth by Henry Gee - Waterstones.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

SPONSORS:

• Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
• Elastic – AI is transforming security operations, but security is still a data problem. Learn how context-rich data drives faster, more reliable defence.
• CoreView - How secure is your Microsoft 365 tenant? Find out with CoreView's free Microsoft 365 Tenant Security Scanner.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

FOLLOW THE SHOW:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy