
Dropbox left wide open by phishing attack

published on 2022-11-02 12:10:41 UTC by philviles
Content:

Dropbox, a file hosting service owned by the American company Dropbox, Inc., revealed that threat actors used a phishing attack to successfully target and access 130 of its GitHub repositories.

On October 13, 2022, crooks impersonated the code integration and delivery platform CircleCI to gain access to one of Dropbox's GitHub accounts. Dropbox uses these accounts to host public and private repositories. GitHub had already warned its users about phishing emails impersonating CircleCI about two months earlier.

In phishing emails sent to multiple Dropbox employees, threat actors posed as CircleCI, requesting that they visit a fake CircleCI login page, enter their GitHub credentials, and provide a one-time password to the site.

“While our systems automatically quarantined some of these emails, others landed in Dropboxers’ inboxes,” Dropbox’s team explains.

As a result, hackers gained access to one of Dropbox's GitHub organisations and copied 130 of its code repositories. These repositories contained modified copies of third-party libraries, internal prototypes, and some security tools and configuration files.

According to the security team's press release, the incident had no impact on Dropbox's core infrastructure, content, passwords, or payment information.

“We believe the risk to customers is minimal,” Dropbox’s team says.

Cybercriminals did, however, gain access to certain credentials, primarily API keys used by Dropbox developers. The code also contained several thousand names and email addresses belonging to Dropbox employees, current and past customers, sales leads, and vendors.

Following the attack, Dropbox's team hired forensic experts to confirm the accuracy of their findings and analysis.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


https://www.emcrc.co.uk/post/dropbox-left-wide-open-by-phishing-attack   
Published: 2022 11 02 12:10:41
Received: 2022 11 02 12:26:18
Feed: The Cyber Resilience Centre for the East Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security