Box flaw allowed to bypass MFA and takeover accounts | allinfosecnews.com

Jan. 19, 2022, 12:52 p.m. | Pierluigi Paganini

Security Affairs securityaffairs.co

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported. Box develops and markets cloud-based content management, collaboration, and file-sharing tools for businesses. […]

The post Box flaw allowed to bypass MFA and takeover accounts appeared first on Security Affairs.

authentication bypass box breaking news bypass flaw hacking hacking news information security news it information security malware mfa pierluigi paganini takeover

More from securityaffairs.co / Security Affairs

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks 5 hours ago | securityaffairs.co

actor adaptive security apt arcanedoor +32

Hackers hijacked the eScan Antivirus update mechanism in malware campaign 12 hours ago | securityaffairs.co

antivirus avast backdoors breaking news +27

US offers a $10 million reward for information on four Iranian nationals 18 hours ago | securityaffairs.co

10 million assets breaking news contractors +26

The street lights in Leicester City cannot be turned off due to a cyber attack 19 hours ago | securityaffairs.co

attack authority breaking news city +14

North Korea-linked APT groups target South Korean defense contractors 1 day, 6 hours ago | securityaffairs.co

agency andariel apt apt groups +29

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity 1 day, 18 hours ago | securityaffairs.co

business commercial commercial spyware department +19

A cyber attack paralyzed operations at Synlab Italia 1 day, 19 hours ago | securityaffairs.co

april attack breaking news cyber +15

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw 2 days, 4 hours ago | securityaffairs.co

apt apt28 blizzard breaking news +24

Hackers threaten to leak a copy of the World-Check database used to assess potential risks … 2 days, 12 hours ago | securityaffairs.co

breaking news check claims copy +27

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

EY GDS Internship Program - SAP, Cyber, IT Consultant or Finance Talents with German language

@ EY | Wrocław, DS, PL, 50-086

View on infosec-jobs.com

Security Architect - 100% Remote (REF1604S)

@ Citizant | Chantilly, VA, United States

View on infosec-jobs.com

Network Security Engineer - Firewall admin (f/m/d)

@ Deutsche Börse | Prague, CZ

View on infosec-jobs.com

Junior Cyber Solutions Consultant

@ Dionach | Glasgow, Scotland, United Kingdom

View on infosec-jobs.com

Senior Software Engineer (Cryptography), Bitkey

@ Block | New York City, United States

View on infosec-jobs.com