Threat Update 68 - Box MFA Bypass and the Need for Defense in Depth

source link: https://www.varonis.com/blog/threat-update-68-box-mfa-bypass-and-the-need-for-defense-in-depth


Last updated December 9, 2021

Multi-Factor Authentication (MFA) is a critical security control in the increasingly cloud-first world, but like all software, it can have vulnerabilities. The Varonis Threat Research team discovered, and responsibly disclosed, a vulnerability in Box's implementation of MFA that could have allowed an attacker to gain unauthorized access to a Box environment.

Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team use the Varonis threat research as a jumping-off point to discuss cloud defense-in-depth strategy and how layered security controls can help mitigate damage from the next inevitable vulnerability.

To learn more about the MFA bypass threat research, please visit:
https://www.varonis.com/blog/box-mfa-bypass-totp/

Watch Varonis threat researcher Kody Kinzie demonstrate how an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data *without* providing a one-time password.

Kilian Englert

Kilian has a background in enterprise security engineering, as well as security solution selling. Kilian is a Certified Information Systems Security Professional (CISSP) and creates internal and public content on topics related to cyber security and technology best practices.

