Sergiu Gatlan reports: Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to…
Author: Dissent
Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence
John Fokker writes: We’ve recently seen reports that the REvil ransomware gang is back online after the January 2022 arrests of several its members by Russian authorities claiming to dismantle the group and the November 2021 arrests of two members by U.S. authorities. While it remains to be seen if this re-emergence of REvil includes…
US says ex-Army major and his wife tried to leak military health data to Russia
Reuters reports: A former US Army major and his anesthesiologist wife have been criminally charged for allegedly plotting to leak highly sensitive healthcare data about military patients to Russia, the Justice Department revealed on Thursday. Jamie Lee Henry, the former major who was also a doctor at Fort Bragg in North Carolina, and his wife,…
British teenager, 18, denies creating computer virus that crashed hundreds of institutions when he was just 14
David O’Dornan and Paul Higgins report: A teenager today denied creating a computer virus which allegedly ‘crashed hundreds of financial institutions across the world when he was just 14 years old. Josh Maunder, now 18, from Abbey Park in Bangor, Co Down in Northern Ireland, entered not guilty pleas to each of the 21 charges against…
Optus tells former Virgin Mobile and Gomo customers they could also be part of data breach
Josh Taylor reports: Former Virgin Mobile and Gomo customers are the latest to have been informed by Optus that their personal information was exposed in the company’s massive data breach, as an identification repair service reveals it has fielded a month’s worth of complaint calls in three days. Read more at The Guardian. In related news, Hannah…
Swachh City Platform Suffers Data Breach Leaking 16 Million User Records
Ravie Lakshmanan reports: A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report…