
Category Archives: Technology

https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/dbx-20240429.htm

At the very least, the actor(s) were able to obtain hashed passwords, OAuth tokens, some MFA, phone numbers and API keys. They noticed this on April 24, 2024, according to the 8-K filed with the SEC.

The investigation is continuing… AKA change passwords and inventory your data so you are prepared to evaluate your risk.

https://www.darkreading.com/cyberattacks-data-breaches/cisco-duo-multifactor-authentication-service-breached

Customer Advisory

https://www.independent.co.uk/news/world/americas/microsoft-russia-hackers-b2510319.html

https://www.bleepingcomputer.com/news/security/mint-mobile-discloses-new-data-breach-exposing-customer-data/

Because of the data that was leaked, SIM swapping is a real concern for those customers. Read the story here

The title insurance giant just completed a $1 million settlement with DFS of New York over a 2019 cybersecurity breach affecting customer data.

First American Title is providing updates here: https://www.firstamupdate.com/

Related articles:

https://therecord.media/first-american-title-insurance-cyberattack-real-state-industry

https://arstechnica.com/security/2023/12/hack-of-unpatched-comcast-servers-results-in-stolen-personal-data-including-passwords/

Customer data, including PII and security questions, has been taken.

https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/

Internet outlets across the web were packed with complaints and reports of wireless connectivity issues after applying the December updates. Universities across the U.S. are recommending that users uninstall the update, and some even explain how to do that. HERE are the steps that Microsoft recommends to uninstall an update. Search in the updates for KB5033375. It is worth noting that not all updates are uninstallable (yes it’s a word).

There are no reports of these problems with Windows 10.

According to CISA, FBI, NSA, Polish Military Counterintelligence, CERT Polska, and the UK’s National Cyber Security Centre, Russian actors known by names including APT 29 have been exploiting servers hosting JetBrains TeamCity software since at least September 2023. TeamCity is used for software compilation, including building, testing and releasing software. The potential impact is pretty large, including supply chain operations (think SolarWinds). The article details IOCs.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a

Joint advisory

https://nvd.nist.gov/vuln/detail/cve-2023-42793

There is a new vulnerability in Apache Struts2.

If you don’t know, previous Struts vulnerabilities were devastating to infrastructures, to the extent that we still see the attack vector being attempted. Affected versions are:

  • Apache Struts 2.0.0 through 2.5.32
  • Apache Struts 6.0.0 through 6.3.0.1

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

If you are not caught up on patches, get caught up quickly. In addition to password spraying, we are seeing a large pickup in exploit attempts. The most recent version is Release 9.1R18.2 PRs. You can find the notes here: https://help.ivanti.com/ps/help/en_US/ICS/9.1RX/rn-9.1R18.2/fixed-issues.htm. It was only May 2021 when actors were exploiting zero-days. The impact of that vulnerability caused Pulse Secure to release an Integrity Tool to check if files had been modified on the appliances.

Now might be a good time to familiarize or refamiliarize yourself with the tool: https://forums.ivanti.com/s/article/KB44755?language=en_US

Ivanti Best Practices Guide https://forums.ivanti.com/s/article/KB29805?language=en_US&kA1j0000000Fil5=