Cybersecurity Weekly: Thunderbolt flaws, DocuSign phishing, Sharefile vulnerability

May 12, 2020 by Sam Fay

New Thunderbolt security flaws affect systems shipped before 2019. A DocuSign phishing campaign uses COVID-19 as bait. A Citrix ShareFile flaw could let attackers steal data. All this, and more, in this week’s edition of Cybersecurity Weekly.


1. New Thunderbolt security flaws affect systems shipped before 2019

Attackers who gain physical access to Windows, Linux or macOS devices can access and steal data from their hard drives by exploiting seven vulnerabilities found in Intel’s Thunderbolt hardware interface and collectively known as Thunderspy. The new attack makes it possible for attackers to steal information from any vulnerable Thunderbolt-enabled device.
Read more »


2. DocuSign phishing campaign uses COVID-19 as bait

DocuSign users on Office 365 are the target of a new phishing campaign that features COVID-19 as a lure to convince them to offer up their credentials in return for pandemic information. According to researchers, up to 60,000 DocuSign users have received the phishing email, which purports to be an automated message from DocuSign.
Read more »


3. Citrix ShareFile flaw could let attackers steal data

Over the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting the Citrix ShareFile content collaboration platform. If exploited, the vulnerabilities could allow an unauthenticated attacker to access sensitive ShareFile documents and folders.
Read more »


4. Black Hat and DEF CON security conferences go virtual

DEF CON and Black Hat announced last week that their security conferences in Las Vegas this summer will no longer be in-person. DEF CON, who has a running joke every year that their conference is being canceled, have actually gone through with it and now entered “Safe Mode with Networking”’ as they switch to an online conference.
Read more »


5. Rail vehicle manufacturer Stadler hit by cyberattack

International rail vehicle construction company Stadler disclosed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data. After the attack was discovered and contained, the attackers also asked for a large ransom and attempted to blackmail the company by threatening to leak stolen data.
Read more »


6. DigitalOcean data leak incident exposed some of its customers’ data

DigitalOcean, one of the biggest modern web hosting platforms, was recently hit with a concerning data leak incident that exposed some of its customers’ data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it has started warning affected customers of the scope of the breach via an email.
Read more »


7. ChatBooks discloses data breach after data sold on dark web

ChatBooks photo print service has informed its customers that user information was stolen from their systems following a cyberattack. Data consisting of 15 million user records is now being offered for sale on the dark web. This breach is part of a spree of leaks from a group of hackers that is now selling over 73 million user records from 11 companies.

Read more »


8. Sodinokibi ransomware can now encrypt open and locked files

The Sodinokibi ransomware added a new feature that allows it to encrypt more of a victim’s files, even those that are opened and locked by another process. Cyber researchers spotted Sodinokibi using the Windows Restart Manager API to close processes or shut down Windows services keeping a file open during encryption.
Read more »


9. Undisclosed critical vulnerability affects vBulletin forums

Maintainers of the vBulletin project recently announced an important patch update, but didn’t reveal much information on the underlying security vulnerability. Cybersecurity researchers and hackers have already started reverse-engineering the software patch to locate and understand the vulnerability.
Read more »


10. Over 4,000 Android apps expose users’ data in misconfigured Firebase databases

According to a report by cybersecurity researcher Bob Diachanko, more than 4,000 Android apps that use Google’s cloud-hosted Firebase databases are unknowingly leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.
Read more »

Posted: May 12, 2020
Sam Fay
View Profile