Sergiu Gatlan reports: Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. If successfully exploited, this OGNL injection vulnerability (CVE-2022-26134) enables unauthenticated attackers to take over unpatched servers remotely by creating new admin accounts…
Category: Hack
Data breach lawsuits settle: UPMC vendor and a holding company for department stores
Two potential class action lawsuits involving data breaches have reportedly settled. One awaits final approval in October, but the other settlement is already final. University of Pittsburgh Medical Center data breach $450K class action settlement During April to June 2020, Charles J. Hilton PC (CJH), a firm hired by UPMC for billing services, allegedly suffered…
District 207 Approves Cybersecurity Contract In Wake Of Attempted Breach
Igor Studenkov reports: Maine Township High School Dist. 207 Board of Education voted unanimously on Monday (June 6) to award a one-year cybersecurity contract to the company that helped the district prevent a security breach a few weeks earlier. The district considered bids from seven vendors. When one of the bidders, Texas-based Crowdstrike, was demonstrating…
Defensive Cyber Attacks Declared Legal by UK AG, Path Cleared to “Hack Back” When Critical Infrastructure & Services Attacked
Scott Ikeda reports: The Attorney General of the United Kingdom has declared the country can make use of defensive cyber attacks when “key services” (such as critical infrastructure and banks) are struck by foreign threat actors. The country is taking a formal position on extending international law to the digital realm, something that nations have…
US agencies detail the digital ‘plumbing’ used by Chinese state-sponsored hackers
Martin Matishak reports: U.S. agencies on Tuesday offered new details about how Chinese state-sponsored hackers have used publicly known vulnerabilities to target internet service providers and major telecommunications firms around the globe over the last two years. Taking advantage of common vulnerabilities and exposures (CVEs) allows malicious actors backed by Beijing to break into victim…
Is cyberinsurance for cyberattacks becoming harder to find and more costly?
Attorney Jeff Drummond writes: News from the Cyberinsurance Market: Healthcare entities are finding that cybersecurity insurance is getting harder to find. Insurers are leaving the market, and prices are going up. Having cyberinsurance has always been a good call, from the time the insurance first hit the market, because (i) the risk is so hard to quantify,…