Teaching Resources Pro

Dropbox code compromised by phishing attack

November 2, 2022

Cloud storage service Dropbox has shared details of how it was successfully targeted by a phishing campaign in which a threat actor impersonated the continuous integration and delivery platform CircleCI to access one of its GitHub accounts and compromise code and data.

The information accessed included API keys used by Dropbox developers, as well as data including the names and email addresses of a very limited number of employees, customers, prospects and suppliers, described as numbering in the thousands.

GitHub previously warned of a similar phishing campaign in which threat actors impersonated CircleCI in their phishing lures.

“No one had access to content, passwords, or payment information, and the issue was quickly resolved,” said a Dropbox spokesperson. “Our core applications and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled.

“We believe the risk to customers is minimal. At no time did this threat actor have access to the contents of anyone’s Dropbox account, password, or payment information.”

The company added: “We take our commitment to protecting the privacy of our customers, partners and employees seriously, and while we believe any risk to them is minimal, we have notified those affected.”

The breach came to light in mid-October when a number of “Dropboxers” received emails that appeared to come from CircleCI, which Dropbox uses for “certain internal deployments”. Some of these emails were intercepted and quarantined, but others slipped through Dropbox’s defences.

The emails instructed their recipients to visit a fake CircleCI login page, enter their GitHub username and password, and then use their hardware authentication key to pass a one-time password to the malicious site. In one case, the threat actor was successful, and from there was able to copy 130 code repositories.

GitHub alerted Dropbox on October 14 and the threat actor was kicked out the same day, after which Dropbox’s security team took swift action to rotate the exposed credentials and determine what data was accessed.

To date, its investigations and monitoring, with the support of a third-party cybercrime team, have found no evidence of successful abuse of the exposed data.

“We know that it is impossible for humans to detect all phishing lures,” the company said. “For many people, clicking on links and opening attachments is a fundamental part of their job. Even the most skeptical and vigilant professional can fall prey to a carefully crafted message, delivered in the right way at the right time. This is precisely why phishing remains so effective and why technical controls remain the best protection against these types of attacks. As threats become more sophisticated, the more important these controls become.

“Our security teams work tirelessly to ensure that Dropbox remains trusted by our customers. While the information this threat actor had access to was limited, we hold ourselves to a higher standard. We are sorry to have failed and apologize for any inconvenience.”

Following the cyberattack, it is now understood that Dropbox is accelerating its adoption of WebAuthn for credential management, which it described as the “gold standard” of multi-factor authentication (MFA). It had already begun adopting WebAuthn MFA before the attack, and offers it to customers if they wish.

“Phishing continues to grow in popularity among hackers as other security measures improve while remaining effective and inexpensive,” said Martin Jartelius, chief security officer at Outpost24.

“There are some things that can be done to circumvent these specific threats, including the use of in-browser password managers where the password manager will not have a corresponding domain and therefore will not submit the password in cases of phishing, or the use of YubiKeys which validate the site’s identity claim for the second factor with the same effect.”

Jartelius added: “What we can note as positive here is that while the affected user had access to repositories made available to most developers in the organization, this did not include product repositories. The least important part is that the personal data of staff and partners has been stored in git repositories. Hopefully this is only relevant contact information for developers, but based on published information, this is not entirely clear.”

Sam Curry, chief security officer at Cybereason, said Dropbox’s ultimate role as a “super-aggregator of data” made it an attractive and potentially very lucrative target for threat actors, which made Dropbox harder to attack.

“Even if they do security better, they have to do it much better than a normal company of their size and revenue to avoid being a victim,” Curry said.

“From the outside, it looks like Dropbox knows its own weaknesses and has plans that it is accelerating to improve identity security and strengthen authentication and authorization.

“My advice is to keep going, look for single points of failure, be as transparent as possible after the incident, update risk assessments, learn from lessons, keep acting with the people in mind first: customers and partners. The story will see you as a hero or a villain, never as a victim, so make decisions to be the hero.”
