Box 2FA Bypass Opens User Accounts to Attack
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
Read moreVulnerabilities
Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.
Read moreWill 2022 Be the Year of the Software Bill of Materials?
Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable.
Read moreThe Log4j Vulnerability Puts Pressure on the Security World
It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.
Read moreCritical ManageEngine Desktop Server Bug Opens Orgs to Malware
Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.
Read moreOrganizations Face a ‘Losing Battle’ Against Vulnerabilities
Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said.
Read moreReal Big Phish: Mobile Phishing & Managing User Fallibility
Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.
Read moreCritical Cisco Contact Center Bug Threatens Customer-Service Havoc
Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers.
Read moreThree Plugins with Same Bug Put 84K WordPress Sites at Risk
Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform.
Read moreMicrosoft Yanks Buggy Windows Server Updates
Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable.
Read more