CyberSecurity Pulse 2016-09-01

“He knows nothing; and he thinks he knows everything. That points clearly to a political career.”
George Bernard Shaw

Analyst Insight

Dropbox Confirms Another Major Leak: Time to Think Again About Our Password Policies

This week, the mass media have reported the leak of more than 68 million Dropbox accounts, reportedly including salted and hashed passwords. The company officially confirmed this in an email sent to its users on August 27th. The incident is believed to have taken place in mid-2012 and to be linked to the theft of an employee's password, which was also publicly reported at the end of July of that same year.

However, in 2012 the official Dropbox press release pointed to spam being sent to email addresses that had only been used with the Dropbox service as the indicator of a possible unauthorized access. No reference was made then to the theft of Dropbox account passwords, and the possibility of such a major data breach was not considered at all in that statement. Apart from this statement, much more recently, in June 2016, Brian Krebs reported on what appeared to be a false positive from some leaked-credential monitoring tools regarding a possible leak affecting Dropbox users. This was denied by the company. In any case, Dropbox has now forced a password reset for any user who has not changed their password since 2012, just as a “preventive measure”.

This leak is a new addition to the list of high-profile platforms breached recently, which already includes Myspace, LinkedIn, Adobe, Badoo and Tumblr. Anyway, it's true that the recommendations published by Dropbox more than four years ago are still valid today: using two-factor authentication whenever possible and using password manager tools to help us manage unique, complex passwords for each and every platform. The question is: which one will be next?

» More information at Dropbox

Top Stories

The FBI Is Worried About How Encryption Can Make Criminals Harder To Catch

The FBI Director stated at the 2016 Symantec Government Symposium held in Washington that he is really concerned about how strong cryptography can help criminals remain in the dark. Comey says that although Americans have a right to privacy in their homes, cars and electronic devices, the government also has the right to invade that privacy when appropriate according to the law. He confirmed that his office will make an effort to collect as much information as possible to study the feasibility of forcing technology companies to backdoor their own products. The idea is to provide a mechanism that would let law enforcement agencies gain access to computer systems, in spite of the risks that developing such a system would pose to end users should the golden keys leak.

» More information at The Register UK

25 Million Accounts from Mail.Ru Group Stolen

Mail.Ru Group confirmed that customer details from up to 25 million accounts have been stolen from hacked servers belonging to the company. According to the Russian Ministry of Internal Affairs, two hackers are reported to have gained access to usernames, email addresses, passwords, phone numbers, birthdays and even some IP addresses in at least three different attacks between July and August. Although a company spokesman has stated that the credentials are no longer valid, they can still be used to discover valid passwords on other services, which could be valuable for conducting new advanced attacks.

» More information at SC Magazine UK

Rest of the Week's News

Experimental suhide Mod for SuperSU Hides su Binary from Applications

Well-known Android developer Chainfire has released an experimental app called “Suhide” that allows users to hide the root status of their rooted Android devices. Suhide comes into the picture if you have apps that detect the presence of root. One of the most popular use cases is Android Pay, but there are several other apps (mainly banking and corporate security apps) that will not work if you have root.

» More information at

Voter Databases in Two US States Breached by Hackers

The FBI’s Cyber Division revealed that it uncovered evidence that the election databases were hacked, which led to the agency issuing warnings to election officials across the country to strengthen the security of their computer systems. The news follows on suspicions that Russian state-sponsored hackers were behind the July intrusions into systems belonging to the Democratic National Committee as well as other political groups in order to affect results for the upcoming presidential election.

» More information at SC Magazine UK

Opera Browser Sync Service Hacked

Opera has reset the passwords of all users of one of its services after hackers were able to gain access to one of its cloud servers this week. Opera has around 350 million users across its range of products, but around 1.7 million users of its Sync service had both their synchronized passwords and their authentication passwords leaked in the hack.

» More information at The Hacker News

Further Reading

Chinese Certificate Authority Gave Out SSL Certs for GitHub Domains

» More information at The Hacker News

Russian MP’s son hacks ‘millions’ of stolen credit cards

» More information at SC Magazine UK

New Vulnerability found in Medical Device Tech

» More information at Ars Technica