Critical Security Update: May 9, 2024 (Dropbox, Windows Server, Multiple Hacking Attempts)
Risk 1: Medium
Issue: Windows Server has had multiple recent updates that have impacted stability, authentication services, and VPN management. This vulnerability impacts on-premises or customer-owned Windows Servers, not servers within the Microsoft ecosystem.
Resolution: At this moment, no full vulnerability patch is available. Users experiencing problems should attempt to mitigate outages by regular, scheduled reboots until a patch is deployed.
Risk 2: Low
Issue: There has been an increase in vishing (voice phishing) attacks in which hackers out of Iran, claiming to be journalists, target financial services and healthcare professionals.
Resolution: Remain diligent to ensure you do not provide any information to unknown third parties. Moreover, make sure you validate the identities of anybody you interact with, especially if they are new.
Risk 3: Low
Issue: Multiple groups out of North Korea are exploiting vulnerabilities in organizations’ DMARC policies. DMARC is the policy that authenticates e-mails through an organization’s domain server. For example, it is what authenticates platforms like MailChimp to send e-mails on your behalf. These groups are exploiting these systems to send spoofed (fake) e-mails from other organizations.
Resolution: As the owner of a domain, work with your domain provider to ensure that your domain settings are locked and marked private. This usually carries a small annual fee, so please be prepared to pay for it.
Secondly, as a user, be extra cautious about new e-mail formats or unexpected e-mails from organizations you typically work with or review.
Risk 4: High
Issue: Dropbox announced that their systems were breached and customer data was stolen, including authentication secrets from their eSignature platform.
Resolution: Anybody using Dropbox should remove their MFA configuration, clear it, and reconfigure from scratch. Users should also reset passwords and force all systems to log out. Finally, all eSignature tokens and requests should be canceled and deleted.
Announced Data Breaches
Zscaler
University System of Georgia
Ascension Healthcare
City of Wichita
DocGo
Ministry of Defense (UK)
Transport and Communications Agency (Finland)
Dropbox



