If you have been reading @Chum1ng0’s weekly “Bits n’ Pieces (Trozos y Piezas)” column on Fridays, you have already read about the Guacamaya group’s hack and leak of government files from Chile and other Latam countries. The incident has received public attention in Chile, where some have proposed a national cybersecurity agency. The Mexican government…
Eight Shangri-La hotels in Asia hit by data breach, potentially exposing guest information
Eight Shangri-La hotels in Asia, including Singapore and Hong Kong, were hit by a data breach, potentially exposing guest information such as names, email addresses and phone numbers. […] “The investigation revealed that between May and July 2022, a sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected and illegally accessed the…
Bits ‘n Pieces (Trozos y Piezas)
Cl (Update): Failure to patch resulted in an embarrassing government leak Last week, DataBreaches noted that Guacamaya Group hacktivists had leaked emails from El Estado Mayor Conjunto De Chile (EMCO), the advisory body of the Chilean Ministry of Defense, the Joint Chiefs of Staff, and other governments. Now BiobioChile reports the government is considering the…
The Coeur Group notifies patients of data breach
DataBreaches has not seen anything on HHS’s public breach tool, but the Coeur Group in Omaha, Nebraska, published a legal notice about a cybersecurity incident involving patient information. According to their statement, an employee’s email account in Coeur Group’s business email system was compromised between June 7 and July 12, 2022. The breach was discovered on…
Data Breach at Canadian Border Agency Contractor Involved up to 1.38 Million Licence Plates
The Canadian Press reports: The federal privacy watchdog says a data breach at a contractor for Canada’s border agency involved as many as 1.38 million licence plate images and associated information. In a report detailing its investigation, the privacy commissioner’s office cites inconsistencies in the way the Canada Border Services Agency managed licence plate information…
Microsoft confirms new Exchange zero-days are used in attacks
Sergiu Gatlan reports: Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to…