Elise Elam and Benjamin Wanger of BakerHostetler write: We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions…
Atlassian: Confluence hardcoded password was leaked, patch now!
Sergiu Gatlan reports: Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. As the company revealed this week, the Questions for Confluence app (installed on over 8,000 servers) creates a disabledsystemuser account with a hardcoded password to help admins…
Pointer: RHC interviews LockBit 3.0. “The main thing is not to start a nuclear war”
There’s an interview with LockBit 3.0 on RedHotCyber. The original interview in English is below the Italian translation. You can find it all here.
T-Mobile agrees to pay $350 million in data breach affecting 77 million users
IANS reports: Telecommunications company T-Mobile has agreed to pay $500 million to settle a class-action lawsuit in a 2021 data breach that impacted nearly 76.6 million users’ data in the US. T-Mobile will put $350 million into a settlement fund to go to lawyers, fees, and the affected, according to the proposed agreement filed on Friday. The company will also…
Croatia’s data protection regulator fines telecom €285,000 for insufficient security that facilitated data breach
Summary: The Croatian DPA has fined a telecommunications company EUR 285,000. The company had suffered a data breach. Attackers had managed to access data from about 100,000 data subjects. During its investigation, the DPA found that such a breach was facilitated by the company’s failure to implement adequate technical and organizational security measures for the…
Bellingham Public Library notifying patrons of data breach
asmith reports that the Bellingham Public Library in Washington suffered a breach impacting 735 patrons. The data, downloaded by an unknown source, included patrons’ names and birthdates, along with their library ID information. Bellingham’s breach notice, posted on their website, explains that the data were breached in a breach of Whatcom County Library System (WCLS),…