Dropbox Suffers Major Breach in Phishing Attack

Dropbox Suffers Major Breach in Phishing Attack

It’s no secret that cyber attacks are on the rise, and that no company is immune to them. Dropbox, a cloud storage company, was the lastest victim when their GitHub account was compromised. This allowed attackers access to 130 code repositories, which contained sensitive data.

Dropbox was notified of a potential breach on October 14th from GitHub, who observed suspicious activity coming from the account starting one day earlier.

On Tuesday, November 1, 2022, Dropbox released an announcement that said, “our investigation has found that the code accessed by this threat actor contained some credentials—primarily, API keys—used by Dropbox developers.”

The data contains the names and email addresses of a few thousand Dropbox employees, current customers, past customers, sales leads, and vendors.

A successful email phishing campaign, targeting Dropbox employees and pretending to be from CircleCI (a continuous integration and delivery platform), has been attributed to a recent data breach. The emails directed the victims to a landing page where they were asked to enter their GitHub credentials.

Dropbox states that the hackers did not manage to get access to customers’ accounts, passwords, or payment information. In addition, none of Dropbox’s core apps or infrastructure were compromised. As a result of this attack, Dropbox is taking further steps to secure its environment by using WebAuthn and hardware tokens or biometrics.

It was almost immediately after the compromise that GitHub detected the exfiltration of content from private repositories. The threat actors used VPNs and proxy services to make it more difficult to trace and identify them.

The Dropbox security breach is just one example of how even big companies are susceptible to damage by sophisticated cyber attacks. But while Dropbox was quickly mitigate the damage caused by the attack, it’s a reminder to all businesses that they’re always vulnerable to these kinds of threats. Therefore, it’s important for employers educate their staff on how identify potential cyberattacks.

SIM Swap Attack Targets Verizon Customers

SIM Swap Attack Targets Verizon Customers

Recently, Verizon experienced a minor but significant data breach. Between October 6, 2022, and October 10, 2022, an unknown malicious actor gained access to Verizon’s prepaid wireless accounts, compromising approximately 250 individuals.

According to a letter to customers, Verizon discovered the breach after noticing “unusual activity” on its network.

Due to the data breach, a SIM swap attack has been launched. Threat actors can take over the target’s phone number by convincing their mobile carriers to switch the target’s number to a SIM card controlled by the attackers.

Verizon warned its customers that the breach exposed the last four digits of their credit card numbers, which could result in fraudulent SIM card swaps. Additional customer data such as phone numbers, mailing addresses, account plans, and credit card information has been compromised. Verizon has confirmed that the attack did not compromise bank account information, passwords, social security numbers, tax IDs, or other sensitive information.

As a result of the data breach, Verizon reset the account security codes of an unspecified number of accounts.

Verizon reported that the company had successfully blocked any further unauthorized access to its customer’s accounts. Additionally, Verizon stated that it did not find any indication that the malicious activity was still ongoing.

Verizon’s customers can protect themselves from SIM swapping attacks by activating the company’s free “Number Lock” protection feature. Once a phone number is locked, it cannot be transferred to another device or service provider. Unless the account owner removes the lock, SIM swapping will be impossible.

Verizon users are urged to reset their pin codes, update passwords, and modify security questions to protect themselves against future attacks.

Customers are encouraged to review their information by logging into their Verizon account. Those who notice anything unusual should get in touch with Verizon directly.

The Verizon data breach serves as a reminder that even well-established businesses are susceptible to attack. However, customers can take steps to protect themselves, such as utilizing the ‘Number Lock’ security feature. By taking precautions and monitoring their accounts, customers can help ensure the security of their information.

Personal Information Compromised in City of Tucson Data Breach

 In light of a recent data breach, the City of Tucson, Arizona, is alerting approximately 123,000 citizens that their personal information has been compromised. The issue was detected in May 2022, but the city’s investigation didn’t conclude until last month.

As detailed in the notification addressed to those impacted by the data breach, an attacker infiltrated the city’s network and exfiltrated a large number of sensitive files.

Between May 17 and May 31, the threat actors obtained access to the network and stole essential documents containing the personal information of over 123,000 people.

The data breach notification states, “On May 29, 2022, the City learned of suspicious behavior using a user’s network account credentials.” Additionally, “On August 4, 2022, the City discovered that certain files may have been copied and removed from its network.”

The city disclosed in a separate notice, “On September 12, this review concluded, and the review determined that the information at issue included certain personal information.”

The city began contacting potentially affected individuals on September 23, informing them that the attackers may have gained access to their names and Social Security numbers, among the sensitive personal information exposed during the incident.

The notification letters issued to the affected individuals also stated that, at the moment, there’s no proof of personal data being used for fraudulent activities.

Affected individuals are encouraged to monitor their credit reports for any unusual activities that may point to identity theft or fraud using their personal information.

For those affected, the city is giving free credit monitoring and identity protection services from Experian for an entire year, as well as advice on how to avoid being a victim of identity theft.

The city is committed to protecting residents’ personal information as it continues to review its existing policies and procedures regarding cybersecurity and evaluate additional measures and safeguards to protect against this type of event.

Uber Hacked Again

An unknown hacker, who claims to be eighteen years old, acquired administrative access to Uber’s corporate network and proprietary internal tools on Thursday, September 15, 2022.

On September 15, 2022, at 6:25 pm PT, Uber issued a statement on Twitter that it was “responding to a cybersecurity incident.”

An attacker gained access to the account of an Uber EXT contractor. A malware-infected personal device compromised the contractor’s credentials. The contractor accepted the multi-factor authentication through a socially engineered attack, enabling the hacker access to the contractor’s account.

The hacker then acquired access to several additional employee accounts with enhanced permissions and announced on the company-wide Slack channel:

“I announce I am a hacker, and Uber has suffered a data breach…” with the hashtag #uberunderpaisdrives.

The hacker also altered the OpenDNS for some internal Uber sites to show a graphic image.

In response to the cybersecurity attack, Uber notified the appropriate authorities and its staff. In addition, the corporation disabled several internal communication and engineering systems as a precautionary measure.

On September 16, 2022, Uber announced that its services were fully functioning and that it would restore several interrupted internal tools.

The breach exposed data from the company’s Slack and G-Suite communication systems, internal financial tools, and the bug bounty dashboard on HackerOne. Uber immediately fixed all of the vulnerabilities retained within HackerOne bug reports to stop more nefarious acts.

On September 19, 2022, at 10:45 am PT, Uber released a statement saying, “we have no evidence that the incident involved access to sensitive user data.”

According to Uber, the intruder did not gain access to the production systems that power applications, any user accounts, or the encrypted database containing sensitive user data.

Uber enlisted several digital forensics companies to examine the incident and claimed it would utilize this opportunity further to bolster its policies, practices, and technology to withstand future cyberattacks better.

This incident is not the first time that cybercriminals have attacked the corporation. In 2016, the corporation paid a $100,000 ransom to hackers to prevent them from releasing stolen data.

Hackers are constantly looking for innovative ways to breach corporate networks. Cybercriminals are concentrating their efforts more on specific individuals due to the complexity introduced by multi-factor authentication. To prevent a socially engineered cyberattack like the one that compromised Uber, it is essential to educate staff members on how to identify such attacks.

Skimmers Are Stealing Credit Card Information From US Restaurants

If you eat out or are in the habit of ordering take-out on a regular basis, be aware.

Recently, a large, well-organized web-skimming campaign has been uncovered that allowed hackers to swipe the payment card details for more than 300 restaurants, impacting more than 50,000 customers.

Web-skimmers are sometimes called Magecart malware and they are bits of JavaScript that collects credit card data when shoppers enter their card data on the checkout page on an online payment portal.

This latest campaign was brought to light by researchers at Recorded Future, who noticed suspicious activity on the ordering portals of InTouchPOS, Harbortouch, and MenuDrive.

There have been two distinct campaigns so far, with the first one beginning on January 18 of 2022 and impacting 80 different restaurants using MenuDrive and another 74 that were utilizing Harbortouch’s platform.

Big chains don’t typically use platforms like these, so most of the impacted restaurants were small, local operations widely scattered across the United States.  In both campaigns just mentioned, the web skimmer malware code was discovered on the restaurant’s web pages and its subdomain on the payment portal’s platform.

In the case of Harbortouch, a single malicious JavaScript was used, while two different scripts were deployed against MenuDrive users.

The second campaign targeted InTouchPOS beginning on November 12 of 2021, but most of the actual attacks occurred in January 2022.  Here, no details were stolen from the site itself but rather, the attackers overlaid a fake payment form on top of the legitimate one and harvested payment details that way.

Recorded Future reports that both campaigns appear to be ongoing, and the firm has alerted all impacted entities.  At the time this piece was written, they had not received a response back from anyone.

In any event, if you order online from a local eatery near you, keep a watchful eye on your account.  Your payment data may have been compromised.