Advantex Weekly Threat Report – December 23rd, 2019

A round-up of the latest cybersecurity threats and vulnerabilities online.

In this weeks report, we reveal all on the Greta Thunberg Malware emails, how millions of web-browsing data has been leaked online and the zero-day vulnerability affecting Dropbox.

This report is aggregated from recent open source reports online.

 


 

Millions of Web Browsing History Leaked

A database containing almost 900GB of sensitive web-browsing records has been found online, more worryingly, without a password!

South African IT company, Conor Solutions, who boasts a client list including the biggest names in telecommunications, has left an Elasticsearch database online without any password protection. The breached file played host to sensitive information made and stored by the company, including user activity logs that included website URLs and IP addresses.

The leaked file also included user attempts to access social media accounts, cloud storage, messaging apps, and explicit websites.

 


 

The Ultimate Cybersecurity Guide

‘The Ultimate Cybersecurity Guide’ is the go-to guide to help keep your business secure online in 2019.


In the guide you’ll learn:

  • What the risks are
  • What to look out for
  • The consequences of a cyber breach
  • Learn the difference between a cyberattack and a cyberbreach
  • How to boost your cybersecurity

 

Download Your Free Copy

 


 

Fake Greta Thunberg Emails Used to Infect Devices with Malware

As always, you should browse your emails with caution, but more so with an email asking you to support Swedish environmental activist, Greta Thunberg.

Cybersecurity experts have discovered an active malware campaign putting millions of people at risk.

The threat is hidden away inside a Microsoft Word attachment entitled “Support Greta Thunberg.doc.” so if you receive such a document, do not open it!

The purpose of this alarming and malicious campaign is to deliver Emotet, a banking trojan that targets Windows computers, stealing financial credentials and even plant additional and hidden malware.

It is reported that more students have been attacked due to the nature of Thunberg’s environmental efforts, proving popular with the younger generation, so proceed with caution if you receive an email with a subject line of ‘Support Greta Thunberg – Time Person of the Year 2019’.

 


 

Dropbox Zero-Day Confirmed

On September 18th, two cybersecurity researchers discovered some security vulnerabilities and told Dropbox that it would have 90 days to fix the issue before they disclosed it publicly. However, those 90 days have passed, and the threat is still there.

The vulnerability in Dropbox affects Windows with an arbitrary file overwrite issue that can grant hackers with local user access privileges to execute code as SYSTEM.

Whilst an attack using this vulnerability wouldn’t be easy, this doesn’t mean it is not one for concern.

Dropbox said they were first told of the vulnerability via their bug bounty program and will be rolling out a security patch in the coming weeks, but has confirmed they have had no reports of anyone being affected by the bug.

 


 

Don’t get caught out, protect your users, data, and technology!

 

FREE 14-Day Trial

Advanced Cybersecurity Technologies Logo

With Advantex’s ACT suite, we can educate, protect and restore your business from any vulnerabilities online – giving you maximum protection and ultimately empowering you and your workforce into making better and safer day-to-day decisions online.

Send us your details below and we’ll get you started on your FREE no-obligation trial of the Advantex ACT suite.

Don’t take the risk, get in touch today!