Lopes is a Brazilian firm that provides real estate services in the form of brokerage and project and financial consulting. Lopes had what appears to be a data breach involving customer data earlier this year. But why the data breach may have continued for months after they denied finding any anomaly in their system is…
An Entire Canadian Town Is Being Extorted By Ransomware Cyber Criminals
Lane Babuder reports: Ransomware attacks have been on the rise. This time around, the small Ontario, Canada town of St. Marys has been targeted. The ransomware organization behind the attack seems to be LockBit. So far though, no ransom has been paid. The town itself claims that most city functions are still operational and staff…
Verified Twitter Vulnerability Exposes Data from 5.4 Million Accounts
Sven Taylor reports: A verified Twitter vulnerability from January has been exploited by a threat actor to gain account data allegedly from 5.4 million users. While Twitter has since patched the vulnerability, the database acquired from this exploit is now being sold on a popular hacking forum, posted earlier today. Back in January, a report…
RI: City of Newport advising past, current employees of potential data loss
Ryan Belmore reports: After an exhaustive investigation following the discovery of a suspicious email on one of the City’s internal networks, current and former municipal employees are being notified of a suspected security incident that may have left certain personal information compromised. […] Through the investigation, the City learned that there was unauthorized activity in…
Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms
Elise Elam and Benjamin Wanger of BakerHostetler write: We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions…
Atlassian: Confluence hardcoded password was leaked, patch now!
Sergiu Gatlan reports: Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. As the company revealed this week, the Questions for Confluence app (installed on over 8,000 servers) creates a disabledsystemuser account with a hardcoded password to help admins…