Brian Krebs writes: 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look…
Category: Of Note
Ransom payments fall as fewer victims choose to pay hackers
Bill Toulas reports: Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021. Ransomware remediation firm Coveware has published a report today with ransomware data from the second quarter of 2022 showing that although the…
Infinity Rehab and Avamere Health Services notify 380,984 patients about breach at Avamere (with updates)
In April 2022, DataBreaches became aware of a possible breach involving Avamere Holdings, a group of companies providing senior living healthcare and rehabilitation services including IT services. Today, we learned that they did have a breach of their network. Premere Rehab, LLC (“Infinity Rehab”) reported that Avamere Health Services had alerted them that they had…
Growing risk to Indonesian citizens’ privacy as breaches and leaks appear on marketplaces
On July 22, DataBreaches reported on some recent breaches affecting Thai citizens and residents. In researching that post, DataBreaches was struck by the number of listings or offerings of data from ASEAN countries. In this post, DataBreaches provides a partial listing of some recent leaks or breaches affecting Indonesian citizens and residents. In general, the…
Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms
Elise Elam and Benjamin Wanger of BakerHostetler write: We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions…
Atlassian: Confluence hardcoded password was leaked, patch now!
Sergiu Gatlan reports: Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. As the company revealed this week, the Questions for Confluence app (installed on over 8,000 servers) creates a disabledsystemuser account with a hardcoded password to help admins…