Lawrence Abrams reports: A US managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, Sharepoint, and CRM services. According to an email sent to MyAppsAnywhere customers shared on Reddit, the company detected signs of a cyberattack on Tuesday morning and quickly shut down…
Category: Business Sector
Responsible disclosure: DIVD describes a “long and windy road” notifying a Chinese firm
Some of you will recall that on a few occasions, DataBreaches has collaborated with Dutch researcher Jelle Ursem (aka @SchizoDuckie) to report on entities in the medical sector who were leaking their login credentials in GitHub repositories (see “No Need to Hack When It’s Leaking” and “Good Luck Explaining to HHS Why Your PHI is…
Israeli company Candiru allegedly behind cyberattacks against journalists
Alden Tabac reports: A zero-day vulnerability in Google’s Chrome web browser was discovered on July 1 when it was used to target journalists in the Middle East, according to cybersecurity company Avast. The majority of the attacks took place in Lebanon. “Based on the malware and TTPs used to carry out the attack, we can confidently…
Months after Lopes claimed no anomalies found in their system, hackers were in their system
Lopes is a Brazilian firm that provides real estate services in the form of brokerage and project and financial consulting. Lopes had what appears to be a data breach involving customer data earlier this year. But why the data breach may have continued for months after they denied finding any anomaly in their system is…
Verified Twitter Vulnerability Exposes Data from 5.4 Million Accounts
Sven Taylor reports: A verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users. While Twitter has since patched the vulnerability, the database acquired from this exploit is now being sold on a popular hacking forum, posted earlier today. Back in January, a report…
Atlassian: Confluence hardcoded password was leaked, patch now!
Sergiu Gatlan reports: Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. As the company revealed this week, the Questions for Confluence app (installed on over 8,000 servers) creates a disabledsystemuser account with a hardcoded password to help admins…