Dropbox Breach Exposes Customer Credentials, Authentication Data

Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info. [TechWeb]( Follow Dark Reading: [RSS]( May 03, 2024 LATEST SECURITY NEWS & COMMENTARY [Dropbox Breach Exposes Customer Credentials, Authentication Data]( Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info. [Billions of Android Devices Open to 'Dirty Stream' Attack]( Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi's File Manager, has at least 1 billion installations. [Software Security: Too Little Vendor Accountability, Experts Say]( Actual legislation is a long shot and a decade away, but policy experts are looking to jump-start the conversation around greater legal liability for insecure software products. [DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn]( Organizations can go a long way toward preventing spoofing attacks by changing one basic parameter in their DNS settings. [Safeguarding Your Mobile Workforce]( Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks. [Hacker Sentenced After Years of Extorting Psychotherapy Patients]( Two years after a warrant went out for his arrest, Aleksanteri Kivimäki finally has been found guilty of thousands of counts of aggravated attempted blackmail, among other charges. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['Cuttlefish' Zero-Click Malware Steals Private Cloud Data]( The newly discovered malware, which has so far mainly targeted Turkish telcos and has links to HiatusRat, infects routers and performs DNS and HTTP hijacking attacks on connections to private IP addresses. [Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft]( Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection. [The Cybersecurity Checklist That Could Save Your M&A Deal]( With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after. [Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches]( MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business. [MORE]( PRODUCTS & RELEASES [Cobalt's 2024 State of Pentesting Report Reveals Cybersecurity Industry Needs]( [Intel 471 Acquires Cyborg Security]( [ESET PROTECT Portfolio Now Includes New MDR Tiers and Features]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [UnitedHealth Congressional Testimony Reveals Rampant Security Fails]( The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change Healthcare's backup strategy failed. LATEST FROM THE EDGE [Name That Edge Toon: Puppet Master]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Mimic Launches With New Ransomeware Defense Platform]( The new startup’s SaaS platform claims to help organizations detect ransomware attacks faster than “traditional” methods and to recover within 24 hours. LATEST FROM DR GLOBAL ['DuneQuixote' Shows Stealth Cyberattack Methods Are Evolving. Can Defenders Keep Up?]( A recent campaign targeting Middle Eastern government organizations plays standard detection tools like a fiddle. With cyberattackers getting more creative, defenders must start keeping pace. WEBINARS - [Why Effective Asset Management is Critical to Enterprise Cybersecurity]( - [Assessing Software Supply Chain Risk]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [A Short Primer on Container Scanning]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [Cisco Panoptica for Simplified Cloud-Native Application Security]( - [A Short Primer on Container Scanning]( - [ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [How Enterprises Secure Their Applications]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123259&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.03.24&sp_cid=53320&utm_content=DR_NL_Dark%20Reading%20Daily_05.03.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#20 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)