Cybersecurity researchers have revealed information on a now-patched bug in Box multi-factor authentication (MFA). The bug could be exploited to circumvent SMS-based login verification. “Using this technique, an attacker could use stolen credentials to compromise an organization’s Box account and exfiltrate sensitive data without access to the victim’s phone,” Varonis researchers said in a report … Continue reading Box account’s 2-factor authentication system can be circumvented