ZeroFox Daily Intelligence Brief - September 11, 2023
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Please find today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- AP Stylebook Data Breach Led to Targeted Phishing Attacks
- Notepad++ Patches Several Buffer Overflow Vulnerabilities
- Cisco Warns of Actively Exploited Network Compromise Zero-Day
- Initial-access brokers, data brokers, and hacktivists: Exploit user opal and Anonymous Sudan
- Vulnerabilities: CVE-2023-4874 and CVE-2023-42277
- Exploit: CVE-2020-13151 and CVE-2020-16898
- BreachForums: My Book Qatar Data Breach and BreachForums: Indian Government Employees Data Leak
AP Stylebook Data Breach Led to Targeted Phishing Attacks
The Associated Press has disclosed that personal information of over 200 AP Stylebook customers was breached in an attack on an old third-party-managed AP Stylebook site. The stolen data (including name, email and physical address, phone number, Social Security number, etc.) was used to conduct targeted phishing attacks. All AP Stylebook customers need to reset their passwords on the next login. Even though “just” 224 customers were directly affected by the breach, those affected are likely to be related to media and journalism bodies, whose credentials are highly valuable to threat actors.
Notepad++ Patches Several Buffer Overflow Vulnerabilities
Several buffer-overflow zero-day vulnerabilities (CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, and CVE-2023-40166) have been reported in Notepad++ version 8.5.2, a widely used source-code editor. Proof-of-concept exploits are publicly available for these bugs. These vulnerabilities, which exist in various functions, could potentially lead to arbitrary code execution and affect the software's ability to handle crafted files. Users are strongly advised to update to version 8.5.7 to mitigate security risks, even though some issues remain unresolved in that version.
Cisco Warns of Actively Exploited Network Compromise Zero-Day
Cisco has warned customers about a zero-day vulnerability (CVE-2023-20269) in the Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. Ransomware operators have been observed actively exploiting this medium-severity flaw to gain access to corporate networks. The vulnerability affects the VPN feature of these Cisco products, enabling unauthorized remote attackers to conduct brute-force attacks on existing accounts. By exploiting these accounts, attackers can establish clientless SSL VPN sessions. While Cisco has released interim security bulletins with various workarounds, security updates are yet to be released at the time of reporting.
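As an added example that is not part of the ZeroFox brief or Cisco's guidance: a small Python detector for the pattern described above, a burst of rejected VPN authentications for one account followed by a clientless (WebVPN) session for that same account from the same source IP. The syslog lines are constructed and the ASA message formats for IDs 113005 and 716001 are approximated from memory, so adjust the regexes to your own log shape.

```python
import re
from collections import defaultdict

# Constructed sample ASA syslog lines (message formats approximated; not from the brief).
SAMPLE_LOGS = """\
Sep 11 2023 08:00:01 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = jdoe : user IP = 203.0.113.7
Sep 11 2023 08:00:02 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = jdoe : user IP = 203.0.113.7
Sep 11 2023 08:00:03 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = jdoe : user IP = 203.0.113.7
Sep 11 2023 08:00:04 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = jdoe : user IP = 203.0.113.7
Sep 11 2023 08:00:05 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = jdoe : user IP = 203.0.113.7
Sep 11 2023 08:00:06 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = jdoe : user IP = 203.0.113.7
Sep 11 2023 08:00:09 fw1 %ASA-6-716001: Group <DfltGrpPolicy> User <jdoe> IP <203.0.113.7> WebVPN session started.
Sep 11 2023 08:02:10 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = asmith : user IP = 198.51.100.4
Sep 11 2023 08:02:30 fw1 %ASA-6-716001: Group <DfltGrpPolicy> User <asmith> IP <198.51.100.4> WebVPN session started.
Sep 11 2023 08:05:00 fw1 %ASA-6-716001: Group <DfltGrpPolicy> User <bchen> IP <192.0.2.9> WebVPN session started.
"""

# Rejected AAA authentication: capture the account name and the client IP.
REJECT_RE = re.compile(r"%ASA-6-113005: .*user = (\S+) : user IP = (\S+)")
# Clientless SSL VPN (WebVPN) session start: capture the account name and the client IP.
WEBVPN_RE = re.compile(
    r"%ASA-6-716001: Group <[^>]*> User <([^>]+)> IP <([^>]+)> WebVPN session started"
)


def detect_bruteforce_then_webvpn(lines, threshold=5):
    """Return (user, src_ip, reject_count) for each WebVPN session start that was
    preceded by at least `threshold` rejected logins for the same user/IP pair.
    Lines are processed in order; a time window is deliberately left out to keep
    the logic short, so add one before using this on real volume."""
    rejects = defaultdict(int)  # (user, ip) -> rejected attempts seen so far
    hits = []
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            rejects[(m.group(1), m.group(2))] += 1
            continue
        m = WEBVPN_RE.search(line)
        if m:
            key = (m.group(1), m.group(2))
            if rejects[key] >= threshold:
                hits.append((key[0], key[1], rejects[key]))
    return hits


if __name__ == "__main__":
    for user, ip, n in detect_bruteforce_then_webvpn(SAMPLE_LOGS.splitlines()):
        print(f"ALERT: {n} rejected logins for {user} from {ip}, then a WebVPN session started")
```

Only the jdoe session is flagged; asmith (one rejection) and bchen (no rejections) stay below the threshold.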
THREAT ACTIVITY: INITIAL-ACCESS BROKERS, DATA BROKERS, AND HACKTIVISTS
- Exploit user opal: Selling access to a dealer account for an unnamed U.S.-based cell phone store
- Anonymous Sudan: Attempting to take down Telegram via DDoS attacks after Telegram banned the group’s main account
VULNERABILITIES
- CVE-2023-4874: Null pointer dereference when viewing a specially crafted email in Mutt versions >1.5.2 and <2.2.12
- CVE-2023-42277: hutool v5.8.21 was discovered to contain a buffer overflow
EXPLOIT
- CVE-2020-13151: Aerospike Database 5.1.0.3 Remote Command Execution
- CVE-2020-16898: Bad Neighbor, a bug in the handling of the IPv6 Neighbor Discovery Protocol
BREACHES
- BreachForums: My Book Qatar Data Breach: Phone number, name, date of birth, gender, nationality, and user activity (267,461 Records)
- BreachForums: Indian Government Employees Data Leak: Gender, name, date of birth, phone number, and physical address (67,820 Records)
Tags: DIB, tlp:green