The Apache Struts security flaw had been disclosed in March of 2017.
In many cases, companies that paid the ransom were scammed -- the data had simply been wiped.
The simple lesson in this case is to not pre-install software that violates user privacy.
The exposed information also includes names, birthdates and addresses, as well as some driver's license numbers, credit card numbers and other data.
The Dragonfly group now appears to be focused on compromising operational networks.
A pair of misconfigured Amazon S3 buckets belonging to third party vendors exposed two companies' highly sensitive data.
Widely used Java framework is once again updating for some highly impactful issues.
And if tech companies don't provide access, Rosenstein said, "legislation may be necessary."
The campaign is just one of many currently distributing Locky ransomware.
Patients using the pacemakers will need to be provided with a firmware update by a medical professional.
Widely used ecommerce module had a flaw that could have been used as a stepping stone to a larger attack.
The data was found on a misconfigured server for the Onliner spambot.
16 percent of IT security professionals say their company isn't preparing for GDPR at all, a recent survey found.
At least 1,774 of the devices were still accessible as of the end of last week.
Financial services companies are now required to have a CISO, a written cyber security policy, and a fully funded and staffed cyber security program.
Next to reliable data backups, a good cyber insurance policy may be your best protection against the damage wrought by ransomware attacks.