Cybersecurity Weekly: Thunderbolt flaws, DocuSign phishing, Sharefile vulnerability

Infosec_Sam

New Thunderbolt security flaws affect systems shipped before 2019. A DocuSign phishing campaign uses COVID-19 as bait. A Citrix ShareFile flaw could let attackers steal data. All this, and more, in this week’s edition of Cybersecurity Weekly.

 

1. New Thunderbolt security flaws affect systems shipped before 2019

Attackers who gain physical access to Windows, Linux or macOS devices can access and steal data from their hard drives by exploiting seven vulnerabilities found in Intel's Thunderbolt hardware interface and collectively known as Thunderspy. The new attack makes it possible for attackers to steal information from any vulnerable Thunderbolt-enabled device.
Read more »

 

2. DocuSign phishing campaign uses COVID-19 as bait

DocuSign users on Office 365 are the target of a new phishing campaign that features COVID-19 as a lure to convince them to offer up their credentials in return for pandemic information. According to researchers, up to 60,000 DocuSign users have received the phishing email, which purports to be an automated message from DocuSign.
Read more »

 

3. Citrix ShareFile flaw could let attackers steal data

Over the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting the Citrix ShareFile content collaboration platform. If exploited, the vulnerabilities could allow an unauthenticated attacker to access sensitive ShareFile documents and folders.
Read more »

For more cybersecurity news stories like these, check out the blog »

Looking for certification prep and technical skills development content? Visit our website to check out Infosec Skills! The platform has 70 learning paths, 600 courses and 150 virtual labs where you can try out new skills in a sandboxed environment. Try it free for 30 days with promo code: infoseccommunity

Try Infosec Skills »