Dropbox files notice of breach with SEC

https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/dbx-20240429.htm

At the very least, the actor(s) was able to obtain hashed passwords, OAUTH tokens, some MFA, phone numbers and API keys. They noticed this on April 24, 2024 according to the 8-K filed with the SEC

The investigation is continuing… AKA change passwords and inventory your data so you are prepared to evaluate your risk

Police bust accuses 37 of being cyber criminals that stole identities, credit card numbers and pin codes; seize LabHost site on Dark Web

Police bust cyber gang accused of worldwide fraud (msn.com)

Palo Alto updates patching guidance for command injection vulnerability

https://security.paloaltonetworks.com/CVE-2024-3400

This is a command injection vulnerability that enabled an unauthenticated attacker to execute code with root privileges. POC has been released publicly.

Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.

You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).

https://unit42.paloaltonetworks.com/cve-2024-3400

VPN brute force attacks: Your logs are full of them (guaranteed)

https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services

Make sure you are using MFA for every account that has remote access and check all remote access points; not just VPNs.

Not April Fools: Duo (Cisco) MFA service breached… via phishing scheme

https://www.darkreading.com/cyberattacks-data-breaches/cisco-duo-multifactor-authentication-service-breached

https://app.securitymsp.cisco.com/e/es?s=4673582&e=2785&elqTrackId=EF815608FCE191E1D3FAAE7B0376C832&elq=bd1c1886a59e40c09915b029a74be94e&elqaid=112&elqat=1

Customer Advisory

Russian actors “all up in” Microsoft’s business; accesses source code. Is this anything new?

https://www.independent.co.uk/news/world/americas/microsoft-russia-hackers-b2510319.html

SQL Injection vulnerability in Ivanti endpoint Manager is patched

https://www.bankinfosecurity.com/ivanti-patches-critical-endpoint-security-vulnerability-a-24046

Cellular company Mint Mobile discloses data breach. Some customer info exposed including SIM and IMEI; No PII or PCI data.

https://www.bleepingcomputer.com/news/security/mint-mobile-discloses-new-data-breach-exposing-customer-data/

Because of the data that was leaked, SIM swapping is a real concern for those customers. Read the story here

Google plugs Chrome Zero-Day hole that is actively being exploited in the wild.

This is said to be a heap buffer overflow flaw in the WebRTC framework according to Google.

A heap buffer overflow is a software code vulnerability that can be faulted or exploited by a bad actor, which can cause unintended consequences including a blue screen of death (BSOD, unauthorized access, or Denial of Service (DoS). The overflow generally occurs when the allotted storage capacity is exceeded by the volume of data.

More can be read at thehackernews.com here:

A month after their $1M settlement with New York, First American Title suffers a crippling cybersecurity attack

The Title insurance giant just completed a $1 million settlement with DFS of New York over a 2019 cybersecurity breach affecting customer data.

First American Title is providing updates here: https://www.firstamupdate.com/

Related articles:

https://therecord.media/first-american-title-insurance-cyberattack-real-state-industry

First American is the latest cybersecurity attack victim