Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. A security hole in Box, the cloud-based…

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks

Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details. The mobile app that all…

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware

Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central…

Organizations Face a ‘Losing Battle’ Against Vulnerabilities

Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said. After a banner year for vulnerabilities and cyberattacks in…

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High

Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found. 2021 dragged itself to a close under a Log4Shell-induced blitzkrieg.…

Google Voice Authentication Scam Leaves Victims on the Hook

The FBI is seeing so much malicious Google Voice activity, in which victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week. Fluffy…

Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying

The ‘NoReboot’ technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen. In the world…

What the Rise in Cyber-Recon Means for Your Security Strategy

Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. As we move into 2022, bad…

5 Cybersecurity Trends to Watch in 2022

Here’s what cybersecurity watchers want infosec pros to know heading into 2022. No one could have predicted the sheer chaos the cybersecurity industry would experience over the course of…

That Toy You Got for Christmas Could Be Spying on You

Security flaws in the recently released Fisher-Price Chatter Bluetooth telephone can allow nearby attackers to spy on calls or communicate with children using the device. Many adults found it charming…