Cyber attacks are increasing in frequency, and no company is immune, regardless of size. Dropbox, a popular cloud storage provider, recently had its GitHub account compromised. The data breach gave attackers access to code repositories that contained sensitive data.

Dropbox was notified by GitHub of a possible breach on October 14th. GitHub noticed suspicious activity starting one day earlier.

On Tuesday, November 1, 2022, Dropbox released an announcement that said, "our investigation has found that the code accessed by this threat actor contained some API keys and other credentials used by Dropbox developers."

The exposed data includes the names and email addresses of a few thousand Dropbox employees, current and past customers, sales leads, and vendors.

The breach followed a successful email phishing campaign that targeted Dropbox employees with messages posing as CircleCI (a continuous integration and delivery platform). The emails sent victims to a landing site where they were required to enter their GitHub credentials.

Dropbox claims that hackers were unable to gain access to customer accounts, passwords or payment information. Moreover, no Dropbox core apps or infrastructure were compromised. Dropbox has taken further measures to protect its environment as a result of the attack.

GitHub discovered the theft of content from private repositories almost immediately after the compromise. The threat actors used VPNs and proxy servers to make themselves harder to track and identify.

This is just one example that shows how sophisticated cyber attacks can cause damage to large companies. Although Dropbox was able to quickly repair the damage, the incident serves as a reminder for all businesses that they are always at risk from these types of threats. Employers should educate their employees on how to spot potential cyberattacks. Not sure where to start? Call Integrated Technology Systems.

Zoom fixes a serious security vulnerability for Mac users

Zoom is a widely used video conferencing and voice-over-IP (VoIP) tool that has gained a lot of popularity in both the academic and business sectors.

Zoom released a security bulletin in October, informing users of a vulnerability. Zoom has identified the vulnerability and has patched it accordingly.

This problem seems to be affecting macOS Zoom clients from versions 5.10.6 through 5.12.0. Users should ensure they have the most recent version of Zoom installed on all their computers. Users of the Zoom Desktop Client on Mac can check the version number of the video conference software by clicking "zoom.us" in the menu bar.

Users can manually update the software. To check for updates, go to the "About Zoom" section.

Vulnerability

Due to a vulnerability in the macOS Zoom client's open debugging port, malicious users can attack it locally.

The vulnerability was rated 7.3 out of 10 on the CVSS (Common Vulnerability Scoring System), which means it is a serious issue.

Zoom recommends that users upgrade their software as soon as they can to avoid potential security flaws.

Zoom places safety and security as a top priority. The vulnerability in Zoom is serious, but it can be fixed by upgrading Zoom to the latest version. Users are strongly advised to check which version they have and update accordingly.

Threats to your business can come in many forms. Managed IT Services can close the gap and help you keep your company secure.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com