Andrew Martinez reports: The legal fallout from a massive data breach impacting over 4 million borrowers’ personally identifiable information just got bigger. A federal judge Monday ordered a class action lawsuit against Community Loan Servicing be folded into a larger, similar suit against two of its sister companies, according to court records. The consolidated complaints from…
Category: Commentaries and Analyses
CT: Hamden mayor estimates $500,000 cost to address spring cyberattack
Meghan Friedmann reports: A May 26 cybersecurity event that compromised the town’s information technology system and affected government email for weeks is expected to cost the town roughly $500,000. The funds cover legal expenses, a forensics investigation, consultation services, a multi-factor authentication upgrade, security awareness training and increased storage space, according to a memorandum Mayor Lauren Garrett sent…
Data Breach at Canadian Border Agency Contractor Involved up to 1.38 Million Licence Plates
The Canadian Press reports: The federal privacy watchdog says a data breach at a contractor for Canada’s border agency involved as many as 1.38 million licence plate images and associated information. In a report detailing its investigation, the privacy commissioner’s office cites inconsistencies in the way the Canada Border Services Agency managed licence plate information…
Microsoft confirms new Exchange zero-days are used in attacks
Sergiu Gatlan reports: Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to…
Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence
John Fokker writes: We’ve recently seen reports that the REvil ransomware gang is back online after the January 2022 arrests of several its members by Russian authorities claiming to dismantle the group and the November 2021 arrests of two members by U.S. authorities. While it remains to be seen if this re-emergence of REvil includes…
Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks
Lawrence Abrams reports: The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies. Last week, the LockBit 3.0 ransomware builder was leaked on Twitter after the LockBit operator had a falling out with his developer. This builder allows anyone to build a fully functional encryptor and decryptor…