Box 2FA Bypass Opens User Accounts to Attack
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
Read moreCloud Security
Cybercriminals Actively Target VMware vSphere with Cryptominers
VMware’s container-based application development environment has become attractive to cyberattackers.
Read moreCritical ManageEngine Desktop Server Bug Opens Orgs to Malware
Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.
Read moreAmazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign
A cloudy campaign delivers commodity remote-access trojans to steal information and execute code.
Read moreHere’s REALLY How to Do Zero-Trust Security
It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey.
Read moreMicrosoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
Read moreEoL Systems Stonewalling Log4j Fixes for Fed Agencies
End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cyberserurity CTO Matt Keller says.
Read moreCyberattackers Hit Data of 80K Fertility Patients
Fertility Centers of Illinois’ security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
Read morePartially Unpatched VMware Bug Opens Door to Hypervisor Takeover
ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.
Read moreSEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
Read more