ZeroFox Daily Intelligence Brief - September 4, 2023

by Alpha Team


ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Please find today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Golf Gear Giant Callaway Data Breach Exposes Info of 1.1 Million
  • Q2 2023 Public Sector Quarterly Threat Landscape Report
  • VMware Issues Patches for Aria Operations After Exploit Code Surfaces
  • Data broker / initial-access broker / hacktivist group: Anonymous Sudan and Cyb3r Drag0nz
  • Vulnerabilities: CVE-2023-38521 and CVE-2023-37220
  • Exploits: CVE-2021-31166 and CVE-2021-20038
  • Telegram: Plato Online Data Breach (170,303 Records) and XSS: The Chin Forum Data Breach (58,089 Records)

Golf Gear Giant Callaway Data Breach Exposes Info of 1.1 Million

Golf-equipment company Topgolf Callaway has disclosed a data-breach incident that occurred in early August 2023 and affected over a million customers. The incident disrupted e-commerce services and compromised customer data including names, addresses, emails, phone numbers, and passwords. No financial or government ID details were compromised. Callaway enforced mandatory password resets and urged customers to strengthen their online security practices.

Q2 2023 Public Sector Quarterly Threat Landscape Report

ZeroFox Intelligence has observed that illicit access to public-sector organizations advertised in dark-web forums decreased in Q2 2023, bucking an overall upward trend seen in most other sectors. However, changes to digital-extortion tactics led to greater operational downtime, reputational damage, and legal ramifications. LockBit remained the primary digital-extortion threat to the sector. Search Engine Optimization (SEO) poisoning and the use of malicious Google adverts to disseminate malware continued on an upward trajectory.

VMware Issues Patches for Aria Operations After Exploit Code Surfaces

A security flaw (CVE-2023-34039) was observed in VMware's Aria Operations for Networks analysis tool (formerly vRealize Network Insight). The flaw allows remote attackers to bypass SSH authentication and access the command line interface due to a cryptographic key generation issue. VMware released patches in version 6.11 and advised admins to update to the latest versions.

THREAT ACTIVITY: INITIAL-ACCESS BROKERS, DATA BROKERS, AND HACKTIVISTS

VULNERABILITIES

  • CVE-2023-38521: Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Exifography plugin versions <= 1.3.1.
  • CVE-2023-37220: Synel Terminals - CWE-494: Download of Code Without Integrity Check

EXPLOITS

BREACHES

Tags: DIB, tlp:green