Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. A security hole in Box, the cloud-based…

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks

Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details. The mobile app that all…

Cloned Dept. of Labor Site Hawks Fake Government Contracts

A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects — but harvests credentials instead. A new phishing campaign is targeting aspiring…

Will 2022 Be the Year of the Software Bill of Materials?

Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable. Here, have a can of soup.…

The Log4j Vulnerability Puts Pressure on the Security World

It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. It’s not my intention to be alarmist about the Log4j…

‘White Rabbit’ Ransomware May Be FIN8 Tool

It’s a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art. A new ransomware family, White…

Organizations Face a ‘Losing Battle’ Against Vulnerabilities

Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said. After a banner year for vulnerabilities and cyberattacks in…

Top Illicit Carding Marketplace UniCC Abruptly Shuts Down  

UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next. A top underground market for buying and selling stolen credit-card details, UniCC, has announced it’s…

Real Big Phish: Mobile Phishing & Managing User Fallibility

Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike. According to…

Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers. A critical security bug affecting Cisco’s Unified Contact Center…