/ Security News /

Cybersecurity researchers have disclosed details of a now-patched bug in Box’s multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. “Using this technique, an attacker could use stolen credentials to compromise an organization’s Box account and exfiltrate sensitive data without access to the victim’s phone,” Varonis researchers said in a …

/ Security News /

Microsoft 365 (M365), formerly called Office 365 (O365), is Microsoft’s cloud strategy flagship product with major changes ahead, such as the deprecation of their legacy authentication protocols. Often stored on or saved to the device, Basic Authentication protocols rely on sending usernames and passwords with every request, increasing the risk of attackers capturing users’ credentials, …

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called “Verification of Interaction Authenticity” (aka VIA), the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once two devices are paired …

/ Security News /

Zero Trust is increasingly being adopted as the best strategy to maintain application security and prevent data breaches. To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators – without the overhead of processing or …

/ Security News /

An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay …

/ Security News /

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as “SEC-575” and discovered by researchers from Digital Defense, has been remedied by the company in …

Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile tools. Considering how popular agile has become, …

/ Security News /

The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called “TrickMo” by IBM X-Force researchers, is under active development and has exclusively targeted German users …

/ Security News /

Smart doorbells and cameras bring a great sense of security to your home, especially when you’re away, but even a thought that someone could be spying on you through the same surveillance system would shiver up your spine. Following several recent reports of hackers gaining access to people’s internet-connected Ring doorbell and security cameras, Amazon …