Bits ‘n Pieces (Trozos y Piezas)

Cl (Update): Failure to patch resulted in an embarrassing government leak Last week, DataBreaches noted that Guacamaya Group hacktivists had leaked emails from El Estado Mayor Conjunto De Chile (EMCO), the advisory body of the Chilean Ministry of Defense, the Joint Chiefs of Staff, and other governments. Now BiobioChile reports the government is considering...

The Coeur Group notifies patients of data breach

DataBreaches has not seen anything on HHS’s public breach tool, but the Coeur Group in Omaha, Nebraska, published a legal notice about a cybersecurity incident involving patient information. According to their statement, an employee’s email account in Coeur Group’s business email system was compromised between June 7 and July 12, 2022. The breach was discovered...

Data Breach at Canadian Border Agency Contractor Involved up to 1.38 Million Licence Plates

The Canadian Press reports: The federal privacy watchdog says a data breach at a contractor for Canada’s border agency involved as many as 1.38 million licence plate images and associated information. In a report detailing its investigation, the privacy commissioner’s office cites inconsistencies in the way the Canada Border Services Agency managed licence plate...

Microsoft confirms new Exchange zero-days are used in attacks

Sergiu Gatlan reports: Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible...

Swachh City Platform Suffers Data Breach Leaking 16 Million User Records

Ravie Lakshmanan reports: A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform. Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a...