Lawrence Abrams reports: Threat actors are now installing a new ransomware called ‘DEARCRY’ after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. Since Microsoft revealed earlier this month that threat actors were compromising Microsoft Exchange servers using new zero-day ProxyLogon vulnerabilities, a significant concern has been when threat actors would use it to…
Category: Of Note
How do you make a data breach even worse? You notify the victims that they are dead.
The headline says it all: Some Treasure Valley residents receiving letters from Saint Alphonsus saying they are dead The situation started routinely enough — an employee’s email account was compromised. In this case, the access was used to send out spam. Somehow, however, in the process of sending breach notifications, there was a mail merge…
Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals
William Turton reports: A group of hackers say they breached a massive trove of security-camera data collected by Silicon Valley startup Verkada Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools. Companies whose footage was exposed include carmaker Tesla Inc. and software provider Cloudflare Inc. In addition, hackers were able to…
NYDFS Penalizes Mortgage Company For Not Disclosing 2019 Breach
Kim Phan of Ballard Spahr writes: On March 3rd, the New York Department of Financial Services (“NYDFS”) announced a settlement with Residential Mortgage Services, Inc. (“RMS”) to resolve allegations that RMS violated the NYDFS Cybersecurity Regulation relating to a 2019 cyber breach. In July 2020, NYDFS conducted an examination of RMS as a licensed mortgage…
AU: LandMark White data breach trial to put firm under spotlight
Michael Bleby reports the latest developments in the wake of a breach involving Landmark White (now known as Acumentis): ASX-listed valuer LandMark White’s cyber security standards will come under the spotlight this week, as the trial kicks off of an IT contractor accused of stealing customer data from the firm and putting it on the…
Ransomware gang plans to call victim’s business partners about attacks
Lawrence Abrams reports: The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim’s business partners to generate ransom payments. Read more on BleepingComputer.