637 matches found
Dropbox: Send Fax from Anyone's HelloFax Account Due to Misconfigured Email Validation
The report demonstrates a method of using up HelloFax credits by forging email requests. A fix for the issue has been released and it was applied for existing and new users through an automatic update. An attacker could exploit this vulnerability by entering a victim’s HelloFax line number into a...
Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms
Details have emerged about a new cyber espionage campaign directed against the aerospace and telecommunications industries, primarily in the Middle East, with the goal of stealing sensitive information about critical assets, organizations' infrastructure, and technology while remaining in the dar...
Cross-site scripting in application/controllers/dropbox.php in JustWriting
Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allows remote attackers to inject arbitrary web script or HTML via the challenge parameter...
“FudCo” Spam Empire Tied to Pakistani Software Firm
In May 2015, KrebsOnSecurity briefly profiled "The Manipulaters," the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media...
LuminousMoth APT: Sweeping attacks for the chosen few
APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets that in turn are handled with almost surgical precision, with infection vectors, malicious implants and payloads being tailored to the victims' identities or environment. It's no...
Ongoing Spearphishing Campaign Targets Afghan Gov’t
Chinese-speaking cyberespionage actors have targeted the Afghan government, using Dropbox for command-and-control (C2) communications and going so far as to impersonate the Office of the President to infiltrate the Afghan National Security Council (NSC), researchers have found. According to a report...
IndigoZebra APT Hacking Campaign Targets the Afghan Government
Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014. Israeli cybersecurity firm Check Point Research attributed...
Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments
A Middle Eastern advanced persistent threat (APT) group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month. Sunnyvale-based...
Breaking down NOBELIUM’s latest early-stage toolset
As we reported in earlier blog posts, the threat actor NOBELIUM recently intensified an email-based attack that it has been operating and evolving since early 2021. We continue to monitor this active attack and intend to post additional details as they become available. In this blog, we highlight...
Google Boots 164 Apps from Play Marketplace for Shady Ad Practices
Google has removed 164 apps, downloaded a total of 10 million times, from its Google Play marketplace because they were delivering “disruptive” ads, considered malicious. Last year, the tech giant banned apps that delivered this type of advertising, called out-of-context ads. But the problem...
MoleRats using Facebook, Dropbox, Google Docs to spread malware
By Deeba Ahmed. Cybereason researchers have identified an ongoing espionage campaign using three yet unidentified malware variants. This is a post from HackRead.com.
MoleRats APT Returns with Espionage Play Using Facebook, Dropbox
The MoleRats advanced persistent threat (APT) has developed two new backdoors, both of which allow the attackers to execute arbitrary code and exfiltrate sensitive data, researchers said. They were discovered as part of a recent campaign that uses Dropbox, Facebook, Google Docs and Simplenote for...
Turla's 'Crutch' Backdoor Leverages Dropbox in Espionage Attacks
Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat (APT) espionage group. The malware, which researchers call “Crutch,” is able to bypass security measures by abusing legitimate tools –...
Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years
Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a...
Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign
A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year-old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the “Operation Manul” and “Dark Caracal”...
Digitally Signed Bandook Malware Once Again Targets Multiple Sectors
A cyberespionage group with suspected ties to the Kazakh and Lebanese governments has unleashed a new wave of attacks against a multitude of industries with a retooled version of a 13-year-old backdoor Trojan. Check Point Research called out hackers affiliated with a group named Dark Caracal in a...
TA416 APT Rebounds With New PlugX Malware Variant
The TA416 advanced persistent threat (APT) actor is back with a vengeance: After a month of inactivity, the group was spotted launching spear-phishing attacks with a never-before-seen Golang variant of its PlugX malware loader. TA416, which is also known as “Mustang Panda” and “RedDelta,” was spott...
Dropbox: `account_info.read` scope OAuth app access token can change token owner's account name.
Previously, Dropbox API was split between App Folder and Full Dropbox apps. After the recent introduction of Scoped Access apps, which use OAuth scopes, a number of routes meant specifically for internal use were neither restricted to internal apps nor were they annotated with required scopes. A...
LEPTON ma*** function has a heap out-of-bounds write vulnerability
LEPTON is a new lossless compression algorithm open-sourced by Dropbox, capable of lossless compression of JPEG images by an average of 22%. A heap out-of-bounds write vulnerability exists in the LEPTON ma function. An attacker can exploit this vulnerability to cause a program crash...