Dropbox users beware

May 03 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes there wasn’t plenty more phish in the cyber-sea 🐠🌊😩

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Xiaomi? You don’t even know me 🙃

🚨 Patch Now Available for Vulnerable Android Apps, incl. Xiaomi, WPS Office! 📱

Attention Android users! Act swiftly to safeguard your devices! 🔒 Popular apps like Xiaomi File Manager and WPS Office were recently found vulnerable to a serious path traversal-related flaw, putting over 1 billion and 500 million installs at risk, respectively.

Exploitation of this flaw could grant attackers full control over affected apps, leading to potential token theft and unauthorised access to your sensitive data.

But fret not! Both Xiaomi and WPS Office have released patches as of February 2024. It's crucial to update your apps immediately to mitigate the risk. Remember, your security matters! 🛡️

Now, on to today’s hottest cybersecurity news stories:

  • ⚠️ Dropbox users beware! Digital signature breach affects all users 📦

  • 🤖 Enter Goldoon botnet, targeting D-link routers w/ decade-old flaw 📆

  • 🧪 GitLab password reset vulnerability is being exploited, warns CISA 🛡️

They really Dropped the Box on this one ⬇️📦💀

🚨 Dropbox Sign Breach Exposes User Data ☁️

Cloud storage giant Dropbox revealed on Wednesday that its digital signature product, Dropbox Sign (formerly HelloSign), fell victim to a breach orchestrated by unidentified threat actors. The security incident compromised emails, usernames, and account settings associated with all users of the service, as disclosed in a filing with the U.S. Securities and Exchange Commission (SEC). The breach, which occurred on April 24, 2024, marks the second such incident to hit Dropbox within two years. 🛑🔒

Scope of the Breach 🔭

According to Dropbox, the attackers accessed a wealth of user data, including emails, usernames, phone numbers, hashed passwords, and certain authentication information such as API keys and OAuth tokens. Furthermore, the breach extended to third parties who interacted with Dropbox Sign, exposing their names and email addresses. While investigations found no evidence of access to users' account contents or payment information, the incident raises concerns about the security of personal data. 📧🔑

Modus Operandi 🛠️

The attackers exploited a service account within Dropbox Sign's backend, leveraging its elevated privileges to access the customer database. The breach is believed to have stemmed from the compromise of a Dropbox Sign automated system configuration tool. While the company did not disclose the exact number of affected customers, it assured users of proactive measures, including password resets, logouts from connected devices, and rotation of API keys and OAuth tokens, to mitigate risks. 🛡️

Response and Ongoing Investigation 🕵️

Dropbox affirmed its cooperation with law enforcement and regulatory authorities and committed to providing affected users with comprehensive support and guidance. Meanwhile, investigations into the breach continue to uncover the full extent of the incident and bolster defences against future threats. 💼🔍

Strengthening Security Measures 💪

As breaches become increasingly prevalent, organisations must prioritise robust security measures and proactive risk management strategies to safeguard user data and maintain trust. Dropbox's commitment to transparency and swift action underscores the importance of swift response and collaboration in the face of evolving cyber threats. 🚨🤝

While the fallout from the breach remains a concern, Dropbox's efforts to contain the incident and support affected users serve as a reminder of the ongoing battle to protect sensitive information in an ever-changing threat landscape. 🛡️💻

Hackers: There’s no way I’ll Goldoon for this 🚨👮💀

Security researchers have uncovered a new botnet dubbed Goldoon, which exploits a critical security flaw dating back almost a decade in D-Link routers. The vulnerability, CVE-2015-2051, affects D-Link DIR-645 routers, granting remote attackers the ability to execute arbitrary commands via specially crafted HTTP requests. Once compromised, these devices become conduits for further attacks, including distributed denial-of-service (DDoS) assaults. 🛡️🔓

Modus Operandi 🛠️

The Goldoon botnet leverages CVE-2015-2051 to execute a dropper script from a remote server, which, in turn, downloads the next-stage payload for various Linux system architectures. This payload acts as a downloader for the Goldoon malware, which is retrieved from a remote endpoint. To cover its tracks, the dropper removes the executed file and deletes itself. Goldoon establishes persistence on the host and connects to a command-and-control (C2) server to await further instructions. The malware boasts an array of 27 DDoS flood attack methods, spanning multiple protocols. 🔄💥

Evolving Threat Landscape

While the vulnerability is not new, its exploitation underscores the evolving tactics of cybercriminals and advanced persistent threat (APT) actors. Compromised routers serve as anonymization layers and are rented out for various illicit activities, from proxy services to conducting cyberattacks. Recent incidents, including the dismantling of the MooBot botnet by the U.S. government, highlight the pervasive threat posed by compromised routers. Trend Micro's observations further emphasise the versatility of these compromised devices, which can be repurposed for a range of malicious activities. ⚠️

Securing the Infrastructure

The emergence of Goldoon reinforces the importance of robust cybersecurity measures and timely patching of known vulnerabilities. Organisations and individuals alike must prioritise the security of their network infrastructure to mitigate the risk of exploitation by threat actors. As the threat landscape evolves, proactive defence measures and collaboration between security professionals remain essential in safeguarding against emerging threats. 🛡️🔒

In the face of escalating cyber threats, vigilance and proactive security practices are paramount to thwarting malicious actors and preserving the integrity of digital ecosystems. The discovery of Goldoon serves as a stark reminder of the ever-present need for heightened cybersecurity vigilance in an increasingly connected world. 💻🚨

🎣 Catch of the Day!! 🌊🐟🦞

Stay ahead of the curve with Presspool.ai! 🚀 Subscribe to their newsletter for the latest buzz in the information technology space, with a special focus on AI. Their slogan says it all: "Actionable marketing insights for the visionary AI executive." 🤓💡 That’s us, alright! 🤵 How about you? Visionary AI executive, much? 👀

And if the newsletter gets your motor running then you can take a butchers at their cool AI marketing product too which is sure to help you make the most of our new artificial overlords and put them to work for your business 🤖👩‍💻

Rest assured, the process is very straightforward.

You simply:

🆕 Sign Up & Create Campaign

📊 Define your audience, budget, and message to captivate your audience.

🚀 Launch your campaign, as Presspool’s AI matches it with ideal newsletter audiences for optimal reach and conversions. 🎯

🕵️ Finally, you leverage real-time analytics to track performance and refine future strategies. 📈 Elevate your marketing game and stay informed with Presspool.ai! 🌟 Simples! 🦦

Presspool.ai 📰🏊🤖 may just have what you need to succeed. And if the product isn’t for you, the newsletter alone is a gamechanger. And we know newsletters 😉

Quick, Git back to the Lab! 👨‍🔬⚗️🔬

🚨 CISA Adds Critical Flaw in GitLab to Known Exploited Vulnerabilities Catalogue 🔒

CISA has flagged a critical vulnerability in GitLab, tracked as CVE-2023-7028, due to ongoing exploitation. The flaw, with a severity score of 10.0, allows attackers to execute account takeover by sending password reset emails to unverified addresses. 😱🔓

The Risk ⚠️

The vulnerability, affecting GitLab versions 16.1.0 onwards, impacts all authentication mechanisms. Successful exploitation grants attackers control over user accounts, potentially leading to data theft, source code manipulation, and supply chain attacks. The consequences could be severe, compromising system integrity and enabling unauthorised access. 💻🛡️

Mitigations 💉

GitLab has released patches in versions 16.5.6, 16.6.4, and 16.7.2, with backported fixes available for earlier versions. Federal agencies are urged to apply these updates by May 22, 2024, to safeguard their networks against exploitation. Vigilance and prompt action are essential to mitigate the risk posed by this critical vulnerability. ⚠️🔒
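A quick way to triage your own GitLab fleet against the version data above (added example, not GitLab's or CISA's code). The hostnames and sample inventory are constructed, and treating release lines newer than 16.7 as already fixed is an assumption.

```python
import re

# Version facts as reported in the newsletter item above.
AFFECTED_FROM = (16, 1, 0)
FIXED_IN = {(16, 5): (16, 5, 6), (16, 6): (16, 6, 4), (16, 7): (16, 7, 2)}


def parse_version(text):
    """Turn '16.5.3', 'v16.6.4-ee' or 'GitLab 16.7.0' into (major, minor, patch)."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Classify one instance against the CVE-2023-7028 version data above."""
    version = parse_version(version_text)
    if version < AFFECTED_FROM:
        return "not-affected"
    line = version[:2]
    if line in FIXED_IN:
        return "patched" if version >= FIXED_IN[line] else "vulnerable"
    if line > max(FIXED_IN):
        # Assumption: release lines newer than 16.7 already include the fix.
        return "patched"
    # 16.1 to 16.4: backports exist, but the text above gives no version numbers.
    return "check-backport"


def triage_inventory(inventory):
    """Map host -> status, listing hosts that need action first."""
    order = {"vulnerable": 0, "check-backport": 1, "patched": 2, "not-affected": 3}
    results = {host: triage(version) for host, version in inventory.items()}
    return dict(sorted(results.items(), key=lambda item: (order[item[1]], item[0])))


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "git.example.internal": "16.5.3-ee",
    "gitlab-ci.example.internal": "16.7.2",
    "legacy-git.example.internal": "15.11.13",
    "research-git.example.internal": "v16.3.4",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:15} {host}")
```

Hosts reported as `check-backport` sit on release lines where the fixed version has to be looked up in GitLab's own advisory.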

As organisations race to bolster their cybersecurity defences, addressing known vulnerabilities promptly is crucial to mitigating potential threats and safeguarding against malicious actors. Stay informed and proactive to protect your digital assets and ensure a resilient security posture. 🛡️

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think.

So long and thanks for reading all the phish!
