
ZeroFox Daily Intelligence Brief - July 21, 2023

by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Please find today’s daily roundup to give you and your clients an advantage over the adversary.

Brief Highlights

  • Flash Report: New Gold-Backed Currency Potentially Introduced by BRICS
  • Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities
  • GitHub Warns of Lazarus Hackers Targeting Devs with Malicious Projects
  • Threat Activity (initial-access brokers, data brokers, hacktivists): Cactus Blog, a new leak site listing 18 victims, and ShadowHacker Leaks, which posted data allegedly stolen from the Government of Taiwan website
  • Vulnerabilities: CVE-2023-29405 and CVE-2023-37291
  • Exploits: CVE-2011-1653 and CVE-2019-0232
  • Breaches: BreachForums/XSS: Duelingnetwork Data Breach and BreachForums/XSS: Canva Data Breach (additional dataset)

Flash Report: New Gold-Backed Currency Potentially Introduced by BRICS

A new gold-based trading currency is speculated to be introduced in the BRICS summit next month. Negotiating a single currency among BRICS countries would be difficult considering the complex economic and political framework within the bloc. The New Development Bank recently indicated that BRICS does not have any immediate plans to create a common currency and that the development of an alternative currency is a medium- to long-term ambition.

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

Multiple security flaws in Apache OpenMeetings, a web conferencing solution, were disclosed on March 20, 2023, and addressed in OpenMeetings version 7.1.0, released on May 9, 2023. Chained together, these flaws could enable malicious actors to take over admin accounts and run arbitrary code on unpatched servers. The flaws include an insufficient check of the invitation hash (CVE-2023-28936), an authentication bypass (CVE-2023-29032), and a NULL byte injection (CVE-2023-29246). Deployments still running versions prior to 7.1.0 should upgrade.

GitHub Warns of Lazarus Hackers Targeting Devs with Malicious Projects

The North Korean state-sponsored Lazarus Group is targeting developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors through social-engineering schemes. The attackers compromise legitimate accounts or create fake personas to contact developers and start conversations on platforms such as WhatsApp. They then invite the target to collaborate on a GitHub project whose malicious npm dependencies download further malware onto the developer's device when the project is installed. GitHub has suspended the accounts involved and published indicators associated with the campaign.
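The campaign above depends on a developer cloning the shared repository and running `npm install`, which is the moment a malicious dependency gets to execute. The script below is an added example, not code from GitHub's advisory or from ZeroFox. It triages a project's package.json and package-lock.json before anything is installed, flagging dependencies whose spec or resolved URL points somewhere other than the npm registry (git, tarball or local sources) and lockfile entries that npm marks with `hasInstallScript`, meaning the package runs a lifecycle script at install time. The manifests and package names embedded here are constructed for illustration; the function names are this example's own.

```python
"""Pre-install triage of an npm project's dependency metadata.

Heuristic only: it raises the unusual cases (non-registry sources,
install-time scripts) so a developer can look before running npm install.
It does not detect a malicious package that is published normally on the
registry and does its work at require() time.
"""
import json
import re

NPM_REGISTRY = "https://registry.npmjs.org/"

# Dependency specs that bypass the registry: git URLs, GitHub shorthand,
# http(s) tarballs, file: paths and bare "owner/repo".
NON_REGISTRY_SPEC = re.compile(
    r"^(git(\+\w+)?:|github:|https?:|file:|[\w.-]+/[\w.-]+$)"
)


def flag_dependency_specs(package_json: dict) -> list[str]:
    """Report dependencies in package.json that do not resolve via the registry."""
    findings = []
    for field in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in package_json.get(field, {}).items():
            if NON_REGISTRY_SPEC.match(spec):
                findings.append(f"{field}: {name} -> {spec} (non-registry source)")
    return findings


def flag_lockfile(lockfile: dict) -> list[str]:
    """Report lockfile entries fetched outside the registry or carrying install scripts."""
    findings = []
    packages = lockfile.get("packages")
    if packages is None:
        # lockfileVersion 1 has no "packages" map and no hasInstallScript flag.
        return ["lockfile has no 'packages' map (lockfileVersion < 2); regenerate with a current npm"]
    for path, entry in packages.items():
        if path == "":
            continue  # the root project itself
        name = path.rsplit("node_modules/", 1)[-1]
        resolved = entry.get("resolved", "")
        if resolved and not resolved.startswith(NPM_REGISTRY):
            findings.append(f"{name}: resolved from {resolved}")
        if entry.get("hasInstallScript"):
            findings.append(f"{name}: runs an install-time lifecycle script (hasInstallScript)")
    return findings


def triage_project(package_json_text: str, lockfile_text: str) -> list[str]:
    """Combine both checks; an empty list means nothing unusual was found."""
    return flag_dependency_specs(json.loads(package_json_text)) + flag_lockfile(json.loads(lockfile_text))


# Constructed sample manifests (not taken from any real project).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo-project",
    "dependencies": {
        "express": "^4.18.2",
        "example-helper": "github:example-org/example-helper",
    },
    "devDependencies": {"eslint": "^8.0.0"},
})

SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-project",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-project"},
        "node_modules/express": {
            "version": "4.18.2",
            "resolved": NPM_REGISTRY + "express/-/express-4.18.2.tgz",
        },
        "node_modules/example-helper": {
            "version": "1.0.0",
            "resolved": "git+ssh://git@github.com/example-org/example-helper.git#abc123",
            "hasInstallScript": True,
        },
        "node_modules/eslint": {
            "version": "8.0.0",
            "resolved": NPM_REGISTRY + "eslint/-/eslint-8.0.0.tgz",
            "dev": True,
        },
    },
})

if __name__ == "__main__":
    for finding in triage_project(SAMPLE_PACKAGE_JSON, SAMPLE_LOCKFILE):
        print("WARN", finding)
```

Run it against the cloned project's own package.json and package-lock.json before installing. For a repository received from an unsolicited contact, pair the check with `npm ci --ignore-scripts` so that even an unflagged dependency cannot run code at install time.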

THREAT ACTIVITY: INITIAL-ACCESS BROKERS, DATA BROKERS, AND HACKTIVISTS

  • Cactus Blog: ZeroFox Intelligence observed a new leak site listing 18 victims.
  • ShadowHacker Leaks: Posted data allegedly stolen from the Government of Taiwan website.

VULNERABILITIES

  • CVE-2023-29405 - The go command may execute arbitrary code at build time when using cgo, for example when running `go get` on a malicious module or otherwise building untrusted code; fixed in Go 1.19.10 and 1.20.5.
  • CVE-2023-37291 - Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key.

EXPLOITS

  • CVE-2011-1653: CA Total Defense Suite - reGenerateReports Stored Procedure SQL Injection
  • CVE-2019-0232: Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution

BREACHES

  • BreachForums/XSS: Duelingnetwork Data Breach
  • BreachForums/XSS: Canva Data Breach (additional dataset)

Tags: DIB, TLP:GREEN