Sergiu Gatlan reports: Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to…
Category: Of Note
Dismantling a Prolific Cybercriminal Empire: REvil Arrests and Reemergence
John Fokker writes: We’ve recently seen reports that the REvil ransomware gang is back online after the January 2022 arrests of several its members by Russian authorities claiming to dismantle the group and the November 2021 arrests of two members by U.S. authorities. While it remains to be seen if this re-emergence of REvil includes…
US says ex-Army major and his wife tried to leak military health data to Russia
Reuters reports: A former US Army major and his anesthesiologist wife have been criminally charged for allegedly plotting to leak highly sensitive healthcare data about military patients to Russia, the Justice Department revealed on Thursday. Jamie Lee Henry, the former major who was also a doctor at Fort Bragg in North Carolina, and his wife,…
SCOOP: Australian national known as “DR32” to stand trial in U.S. on hacking charges
Australia has ordered an Australian national, David Kee Crees, extradited to the U.S., where he faces 22 counts involving hacking, fraud, and aggravated identity theft. Two of Crees’ better-known aliases were “Abdilo” and “DR32.” “Abdilo” DataBreaches started reporting on Crees in 2015 when he was known to this site as “Abdilo.” At the time, he…
New changes allow Optus data leak victims to change licence numbers
Nick Pearson reports: State governments have begun announcing special changes to allow people exposed in the Optus data leak to get new driver’s licences as soon as possible. Among the details accessed by the hacker are driver’s licence numbers, which are commonly used to verify someone’s identity. NSW Customer Services Minister Victor Dominello said people in the state can get…
Change of Heart? OptusData says they won’t leak or sell more data
After leaking more than 10,000 records from Optus earlier today, “OptusData” appears to have had a change of heart. Their original post was deleted and one hour ago, they posted: Optus Data will not be sold or leaked Too many eyes. We will not sale data to anyone. We cant if we even want to:…