LexisNexis confirms data breach at Legal & Professional arm, some customer records affected
Summary
LexisNexis has confirmed a data breach affecting its Legal & Professional division. The cybercrime group Fulcrumsec claimed responsibility, stating they exfiltrated approximately 2 GB of data from an AWS instance using a React2Shell exploit.
IFF Assessment
FOE
The article details a successful data breach by a named threat actor, indicating a victory for attackers.
Defender Context
This incident highlights the ongoing risks associated with cloud infrastructure and the exploitation of web application vulnerabilities like React2Shell. Defenders should ensure robust access controls, regular vulnerability patching for web applications, and comprehensive monitoring of cloud environments to detect and respond to potential intrusions.