AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 09/04/2023

Golf gear giant Callaway data breach exposes info of 1.1 million

Topgolf Callaway (Callaway) suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers. Callaway is an American sports equipment maker and seller specializing in golf equipment and accessories such as clubs, balls, bags, gloves, and caps. The company is present in more than 70 countries worldwide and has an annual revenue of over $1.2 billion. It employs roughly 25,000 people.


X, formerly Twitter, to collect biometric and employment data

X, formerly known as Twitter, will collect biometric data on its users, such as a photograph of their face, in an update to its privacy policy. People signed up to its subscription service, X Premium, can choose to provide a selfie and photo ID for verification. The policy also states X may collect employment and educational history. This would be to “recommend potential jobs for you, to share with potential employers when you apply for a job”.


Hackers push anti-Iranian government messages to millions via breached app

An Iranian-focused hacking group known as Black Reward that has a history of going after the Iranian government announced a new attack late Thursday, this time targeting a financial services app that millions of Iranians use for digital transactions. “Death to Khamenei,” the messages read according to a Google translation of screenshots the group posted online. “We return to the street because the revolution continues. For woman, life, freedom,” the message read, along with the hashtag “#MahsaAmini,” a reference to the Iranian woman killed in police custody in September 2022, sparking waves of nationwide protests.


Ransomware attackers are targeting exposed Microsoft SQL databases, report says

Ransomware campaigns are using internet-exposed Microsoft SQL databases as a beachhead to launch attacks on victim systems, according to researchers. Cybersecurity company Securonix said that it found examples of hackers exploiting Microsoft SQL (MSSQL) — a popular software product that helps users store and retrieve data requested by applications. Microsoft’s version is one of several database managers that use SQL, short for structured query language. Oleg Kolesnikov, vice president of threat research at Securonix, told Recorded Future News that the typical attack sequence begins with hackers trying to gain access to exposed Microsoft SQL databases through brute forcing — a hacking method that uses trial and error to crack passwords.


Children’s snack recalled after its website caught serving porn

Supermarket chain Lidl has been recalling four types of PAW Patrol-themed snacks across the UK. Except, the reason for the recall has got nothing to do with food contents, but the website listed on the snack’s packaging serving porn. Produced in Canada, PAW Patrol is an animated children’s TV series aired in the US, UK, and around the world.


Microsoft reminds users Windows will disable insecure TLS soon

Microsoft reminded users that insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols will be disabled soon in future Windows releases. The TLS secure communication protocol is crafted to safeguard users against eavesdropping, tampering, and message forgery while exchanging and accessing information over the Internet through client/server applications. The original TLS 1.0 specification and its TLS 1.1 successor have been used for nearly two decades, with TLS 1.0 initially introduced in 1999 and TLS 1.1 in 2006).

Related Posts