Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Intruders Pilfered Over 68 Million Passwords In 2012 Dropbox Breach
Newest First  |  Oldest First  |  Threaded View
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
9/22/2016 | 10:15:16 AM
Dropbox hack
It's just baffling to me that how come companies of such stature and size can become the victim of hacks, what bugs me is that end user is at risk all the time. Risk of information leak lingers over our heads. I use encryption mehtods, file folders password locking method, deploying VPN method, purevpn is the server I use to secure my connection and especially while carrying out banking and other financial transactions to keep my passwords and account secure. 
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
8/31/2016 | 7:58:46 PM
It would be good to work out or understand why Dropbox didn't put its hand up and admit the issue back in 2012.
Begs the question was dropbox aware of the security incident at the time or did they only start doing forensics work when the accounts were leaked?


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-40309
PUBLISHED: 2021-09-24
A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with ...
CVE-2021-40310
PUBLISHED: 2021-09-24
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.
CVE-2021-28130
PUBLISHED: 2021-09-24
Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters.
CVE-2021-40099
PUBLISHED: 2021-09-24
An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.
CVE-2021-40100
PUBLISHED: 2021-09-24
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.