Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. A security hole in Box, the cloud-based…

Cybercriminals Actively Target VMware vSphere with Cryptominers

VMware’s container-based application development environment has become attractive to cyberattackers. Organizations running sophisticated virtual networks with VMware’s vSphere service are actively being targeted by cryptojackers, who have figured out how…

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware

Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central…

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign

A cloudy campaign delivers commodity remote-access trojans to steal information and execute code. Cyberattackers are abusing Amazon Web Services (AWS) and Azure Cloud services to deliver a trio of remote…

Here’s REALLY How to Do Zero-Trust Security

It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey. Zero-trust is without a doubt the new buzzword of…

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. Microsoft has addressed a total of 97 security vulnerabilities in its…

EoL Systems Stonewalling Log4j Fixes for Fed Agencies

End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cyberserurity CTO Matt Keller says. Last month, federal…

Cyberattackers Hit Data of 80K Fertility Patients

Fertility Centers of Illinois’ security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files. The protected health information of nearly 80,000 patients…

Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover

ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch. A…

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More

SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets. Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in…