InfoSec News Nuggets 10/03/2022

Microsoft confirms new Exchange zero-days are used in attacks Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker," Microsoft said. "At this time, Microsoft is aware of limited targeted attacks using…
Read More

InfoSec News Nuggets 7/9/2020

Cops Seize Server that Hosted BlueLeaks, DDoSecrets Says Authorities in Germany have seized a server used by the organization that published a trove of US police internal documents commonly known as BlueLeaks, according to the organization’s founder. On Tuesday, Emma Best, the founder of Distributed Denial of Secrets or DDoSecrets, a WikiLeaks-like website that has published the police data, said that prosecutors in the German town of Zwickau seized the organization’s “primary public download server.” “We are working…
Read More

InfoSec News Nuggets 6/23/2020

Activists publish 269GB of hacked US police force data Dubbed BlueLeaks, the group known as Distributed Denial of Secrets (DDoSecrets) has published 269GB of material providing insights into law enforcement and a wide array of US government activities. The public can also access the information in its entirety. These files include hundreds of thousands of images, as well as documents, tables, text files, videos and emails, with the complete dataset available to download by anybody…
Read More

InfoSec News Nuggets 5/27/2020

Roughly half the Twitter accounts pushing to 'reopen America' are bots, researchers found There's been a surge in bot activity in the past month in online discussions about reopening America from COVID-19 shutdowns, researchers at Carnegie Mellon University said this week. The researchers analyzed over 200 million tweets discussing COVID-19 and found that roughly half the accounts were likely bots. They identified the bots by looking for accounts that tweeted more frequently than humanly possible…
Read More