Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes there wasn’t plenty more phish in the cyber-sea 🐠🌊😩

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Xiaomi? You don’t even know me 🙃

🚨 Patch Now Available for Vulnerable Android Apps, incl. Xiaomi, WPS Office! 📱

Attention Android users! Act swiftly to safeguard your devices! 🔒 Popular apps like Xiaomi File Manager and WPS Office were recently found vulnerable to a serious path traversal-related flaw, putting over 1 billion and 500 million instals at risk, respectively.

Exploitation of this flaw could grant attackers full control over affected apps, leading to potential token theft and unauthorised access to your sensitive data.

But fret not! Both Xiaomi and WPS Office have released patches as of February 2024. It's crucial to update your apps immediately to mitigate the risk. Remember, your security matters! 🛡️

Now, on to today’s hottest cybersecurity news stories:

• ⚠️ Dropbox users beware! Digital signature breach affects all users 📦

• 🤖 Enter Goldoon botnet, targeting D-link routers w/ decade-old flaw 📆

• 🧪 GitLab password reset vulnerability is being exploited, warns CISA 🛡️

They really Dropped the Box on this one ⬇️📦💀

giphy.com

🚨 Dropbox Sign Breach Exposes User Data ☁️

Cloud storage giant Dropbox revealed on Wednesday that its digital signature product, Dropbox Sign (formerly HelloSign), fell victim to a breach orchestrated by unidentified threat actors. The security incident compromised emails, usernames, and account settings associated with all users of the service, as disclosed in a filing with the U.S. Securities and Exchange Commission (SEC). The breach, which occurred on April 24, 2024, marks the second such incident to hit Dropbox within two years. 🛑🔒

Scope of the Breach 🔭

According to Dropbox, the attackers accessed a wealth of user data, including emails, usernames, phone numbers, hashed passwords, and certain authentication information such as API keys and OAuth tokens. Furthermore, the breach extended to third parties who interacted with Dropbox Sign, exposing their names and email addresses. While investigations found no evidence of access to users' account contents or payment information, the incident raises concerns about the security of personal data. 📧🔑

Modus Operandi 🛠️

The attackers exploited a service account within Dropbox Sign's backend, leveraging its elevated privileges to access the customer database. The breach is believed to have stemmed from the compromise of a Dropbox Sign automated system configuration tool. While the company did not disclose the exact number of affected customers, it assured users of proactive measures, including password resets, logouts from connected devices, and rotation of API keys and OAuth tokens, to mitigate risks. 🔍🛡️

Response and Ongoing Investigation 🕵️

Dropbox affirmed its cooperation with law enforcement and regulatory authorities and committed to providing affected users with comprehensive support and guidance. Meanwhile, investigations into the breach continue to uncover the full extent of the incident and bolster defences against future threats. 💼🔍

Strengthening Security Measures 💪

As breaches become increasingly prevalent, organisations must prioritise robust security measures and proactive risk management strategies to safeguard user data and maintain trust. Dropbox's commitment to transparency and swift action underscores the importance of swift response and collaboration in the face of evolving cyber threats. 🚨🤝

While the fallout from the breach remains a concern, Dropbox's efforts to contain the incident and support affected users serve as a reminder of the ongoing battle to protect sensitive information in an ever-changing threat landscape. 🛡️💻

Hackers: There’s no way I’ll Goldoon for this 🚨👮💀

🚨 Goldoon Botnet Targets D-Link Routers with Decade-Old Flaw 📆

Security researchers have uncovered a new botnet dubbed Goldoon, which exploits a critical security flaw dating back almost a decade in D-Link routers. The vulnerability, CVE-2015-2051, affects D-Link DIR-645 routers, granting remote attackers the ability to execute arbitrary commands via specially crafted HTTP requests. Once compromised, these devices become conduits for further attacks, including distributed denial-of-service (DDoS) assaults. 🛡️🔓

Modus Operandi 🛠️

The Goldoon botnet leverages CVE-2015-2051 to execute a dropper script from a remote server, which, in turn, downloads the next-stage payload for various Linux system architectures. This payload acts as a downloader for the Goldoon malware, which is retrieved from a remote endpoint. To cover its tracks, the dropper removes the executed file and deletes itself. Goldoon establishes persistence on the host and connects to a command-and-control (C2) server to await further instructions. The malware boasts an array of 27 DDoS flood attack methods, spanning multiple protocols. 🔄💥

Evolving Threat Landscape 🐒

While the vulnerability is not new, its exploitation underscores the evolving tactics of cybercriminals and advanced persistent threat (APT) actors. Compromised routers serve as anonymization layers and are rented out for various illicit activities, from proxy services to conducting cyberattacks. Recent incidents, including the dismantling of the MooBot botnet by the U.S. government, highlight the pervasive threat posed by compromised routers. Trend Micro's observations further emphasise the versatility of these compromised devices, which can be repurposed for a range of malicious activities. ⚠️

Securing the Infrastructure 🌐

The emergence of Goldoon reinforces the importance of robust cybersecurity measures and timely patching of known vulnerabilities. Organisations and individuals alike must prioritise the security of their network infrastructure to mitigate the risk of exploitation by threat actors. As the threat landscape evolves, proactive defence measures and collaboration between security professionals remain essential in safeguarding against emerging threats. 🛡️🔒

In the face of escalating cyber threats, vigilance and proactive security practices are paramount to thwarting malicious actors and preserving the integrity of digital ecosystems. The discovery of Goldoon serves as a stark reminder of the ever-present need for heightened cybersecurity vigilance in an increasingly connected world. 💻🚨

🎣 Catch of the Day!! 🌊🐟🦞

Stay ahead of the curve with Presspool.ai! 🚀 Subscribe to their newsletter for the latest buzz in the information technology space, with a special focus on AI. Their slogan says it all: "Actionable marketing insights for the visionary AI executive." 🤓💡 That’s us, alright! 🤵 How about you? Visionary AI executive, much? 👀

And if the newsletter gets your motor running then you can take a butchers at their cool AI marketing product too which is sure to help you make the most of our new artificial overlords and put them to work for your business 🤖👩‍💻🌐

Rest assured, the process is very straightforward.

You simply:

🆕 Sign Up & Create Campaign

📊 Define your audience, budget, and message to captivate your audience.

🚀 Launch your campaign, as Presspool’s AI matches it with ideal newsletter audiences for optimal reach and conversions. 🎯

🕵️ Finally, you leverage real-time analytics to track performance and refine future strategies. 📈 Elevate your marketing game and stay informed with Presspool.ai! 🌟 Simples! 🦦

Presspool.ai 📰🏊🤖 may just have what you need to succeed. And if the product isn’t for you, the newsletter alone is a gamechanger. And we know newsletters 😉

Quick, Git back to the Lab! 👨‍🔬⚗️🔬

🚨 CISA Adds Critical Flaw in GitLab to Known Exploited Vulnerabilities Catalogue 🔒

CISA has flagged a critical vulnerability in GitLab, tracked as CVE-2023-7028, due to ongoing exploitation. The flaw, with a severity score of 10.0, allows attackers to execute account takeover by sending password reset emails to unverified addresses. 😱🔓

The Risk ⚠️

The vulnerability, affecting GitLab versions 16.1.0 onwards, impacts all authentication mechanisms. Successful exploitation grants attackers control over user accounts, potentially leading to data theft, source code manipulation, and supply chain attacks. The consequences could be severe, compromising system integrity and enabling unauthorised access. 💻🛡️

Mitigations 💉

GitLab has released patches in versions 16.5.6, 16.6.4, and 16.7.2, with backported fixes available for earlier versions. Federal agencies are urged to apply these updates by May 22, 2024, to safeguard their networks against exploitation. Vigilance and prompt action are essential to mitigate the risk posed by this critical vulnerability. ⚠️🔒

As organisations race to bolster their cybersecurity defences, addressing known vulnerabilities promptly is crucial to mitigating potential threats and safeguarding against malicious actors. Stay informed and proactive to protect your digital assets and ensure a resilient security posture. 🌐🛡️

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

• 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

• 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

• 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think.

So long and thanks for reading all the phish!