DBC2 (DropboxC2) - A Modular Post-Exploitation Tool, Composed Of An Agent Running On The Victim's Machine
DBC2 (DropboxC2) is a modular post-exploitation tool, composed of an agent running on the victim's machine, a controller running on any machine, PowerShell modules, and Dropbox servers as a means of communication. This project was initially inspired by the fantastic Empire framework, but also as an...
Dropbox: Dropbox employee benefits documents are available in a test Dropbox folder
This report pointed out that we had left a shared link to a copy of our employee benefits documentation in a particular iOS build. This link was likely used for ad-hoc testing at some point and accidentally left in the build. While there is little security risk here, we removed the link from...
Cloud Client Side File Encryption: Cryptomator
Multi-platform transparent client-side encryption of your files in the cloud. Cryptomator provides transparent, client-side encryption for your cloud. Protect your documents from unauthorized access. Cryptomator is free and open source software, so you can rest assured there are no backdoors...
Dropbox: Android - Access of some not exported content providers
The report indicates a flaw in our Android application that would allow a malicious app to gain read/write access to some cached files provided the attacker knows the name of the files and other minor pieces of information. The vulnerability was caused by not validating the package name of an...
CVE-2014-8889
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack...
Western Digital My Cloud Products Dropbox App RCE Vulnerability
The Dropbox App of Western Digital My Cloud products is prone to an unauthenticated remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2014-8889
CVE-2014-8889 affects the Dropbox SDK for Android prior to 1.6.2. The issue was an implementation flaw that could enable remote attackers to obtain sensitive information through crafted malware or drive-by exploitation by leaking the nonce used in OAuth authentication, effectively tying a victim ...
'HoeflerText' Popups Target Browsers With RAT and Locky Ransomware
A malware campaign utilizing bogus popups that alert users to a missing web font is targeting Google Chrome and Firefox browser users. The popups contain a malicious JavaScript file that initiates the download of either the NetSupport Manager remote access tool (RAT) or Locky ransomware. The...
App Layering Recipe for Dropbox
...
August 1, 2017 – Morning Cyber Coffee Headlines – “August” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! August 1, 2017 - Headlines Carbon Black in the News: Carbon Black Appoints Form...
Dropbox: Missing URL sanitization in comments can be leveraged for phishing
The report points out that a link in a shared file's comments could say one thing in the text but actually point to another website. This is a risk we have always accepted: the document preview could also contain links, the legit links could point to shorteners. Additionally, Dropbox Paper supports...
DropboxC2C - A Post-Exploitation Agent Which Uses Dropbox Infrastructure For Command And Control Operations
DropboxC2C is a post-exploitation agent which uses Dropbox Infrastructure for command and control operations. DO NOT USE THIS FOR MALICIOUS PURPOSES. THE AUTHOR IS NOT RESPONSIBLE FOR ANY MISUSE OF THIS PROGRAM. Structure main.py - The "server" part which manages all the agents. agent.py - The...
Authorization Bypass
Moodle is vulnerable to authorization bypass. A malicious user can access the contents of another logged out user's dropbox through the dropbox repository file picker as long as the browser session is continued...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress...
CVE-2014-9310
Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress...
CVE-2014-9310
CVE-2014-9310 is an XSS vulnerability in the WordPress Backup to Dropbox plugin for WordPress, exposed in versions before 4.1. The issue is categorized as a reflected XSS (per WPVulnDB) where unsanitized/reflected user input can be returned in responses. Impact: user sessions/credentials could be ...
Impact of the Oracle Responsys local file inclusion vulnerability on many well-known companies - vulnerability warning - the black bar safety net
Today I want to show you how I found a local file inclusion (LFI) vulnerability in the Oracle Responsys cloud service system. Commercial sales, network storage and social relationships companies are currently using the Oracle Responsys cloud solution, so that the...
LinkedIn Hacker, Wanted by US & Russia, Can be Extradited to Either State
The alleged Russian hacker, who was arrested by the Czech police in Prague last October on suspicion of the massive 2012 data breach at LinkedIn, can be extradited to either the United States or Russia, a Czech court ruled on Tuesday. Yevgeniy Aleksandrovich Nikulin, a 29-year-old Russian national, ...