Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. A security hole in Box, the cloud-based…

Unauthenticated XSS Vulnerability Patched in HTML Email Template Designer Plugin

WordFence – On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP…

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks

Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details. The mobile app that all…

Will 2022 Be the Year of the Software Bill of Materials?

Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, says a roundtable of security experts. Here, have a can of soup.…

The Log4j Vulnerability Puts Pressure on the Security World

It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. It’s not my intention to be alarmist about the Log4j…

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware

Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central…

Organizations Face a ‘Losing Battle’ Against Vulnerabilities

Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said. After a banner year for vulnerabilities and cyberattacks in…

Threat Roundup for January 7 to January 14

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Jan. 7 and Jan. 14. As with previous roundups, this post isn’t meant to be an…

Real Big Phish: Mobile Phishing & Managing User Fallibility

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike. According to…

Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers. A critical security bug affecting Cisco’s Unified Contact Center…