Data from individuals who contacted the Lorenz ransomware group between June 3, 2021 and Sept. 17, 2023, including names, email addresses, and online form subject lines, were accidentally leaked due to a misconfigured Apache2 web server, according to The Register.
The misconfiguration exposed the back-end PHP code behind the group's login form, said security researcher htmalgae, who discovered and published the leaked data. While most of the impacted individuals used aliases and Proton Mail email addresses, some of the exposed data came from reporters, security researchers, and financial service workers.
"It was probably one of the easiest leaks I've discovered so far. During my daily sweep of all the ransomware shame sites, I came across Lorenz's broken contact form. It was really as simple as viewing the source on the page and copy-pasting the leaked file path. It was pretty much placed in my lap, I didn't even need to do a vulnerability scan," said htmalgae.
Nearly $115 million worth of cryptocurrency has been stolen so far from the HTX digital currency exchange, formerly Huobi, and the Heco Chain blockchain bridge following a cyberattack last week, CNBC reports.