"Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell.
The two flaws are:
CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability
"Threat actors are abusing Google's Looker Studio (formerly Google Data Studio) to boost search engine rankings for their illicit websites that promote spam, torrents, and pirated content."
TLP1 : Green
"Anton Napolsky (33) and Valeriia Ermakova (27), two Russian nationals, were charged with intellectual property crimes linked to Z-Library, a pirate online eBook repository. The defendants were arrested on November 3, 2022, in Argentina by the country's authorities at the request of U.S. law enforcement."
"Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show."
TLP1 : Green
"Surveillance campaigns against Uyghurs and other Turkic ethnic minorities have been operational for years. Recently, Lookout researchers have discovered two ongoing surveillance campaigns targeting Uyghurs in the People’s Republic of China and abroad."
"Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' encrypting their systems and causing operational problems."
TLP1 : Green
"A security researcher scored a $70k bug bounty payout after accidentally discovering a Google Pixel lock-screen bypass hack.
The vulnerability, discovered by David Schütz, meant an attacker could unlock any Google Pixel phone without knowing the passcode. Google fixed the issue (tracked at CVE-2022-20465) with a November update, allowing Schütz to go public with his findings.
"A Navy nuclear engineer and his wife were sentenced to over 19 years and more than 21 years in prison for attempting to sell nuclear warship design secrets to what they believed was a foreign power agent.
The two defendants, Jonathan and Diana Toebbe, however, tried selling restricted information (such as printouts, digital media files containing technical details, and operations manuals) to an undercover FBI agent."
"Microsoft is now promoting some of its products in the sign-out flyout menu that shows up when clicking the user icon in the Windows 11 start menu.
This new Windows 11 "feature" was discovered by Windows enthusiast Albacore, who shared several screenshots of advertisement notifications in the Accounts flyout.
The screenshots show that Microsoft promotes the OneDrive file hosting service and prods users to create or complete their Microsoft accounts.
