Varonis debuts trailblazing features for securing Salesforce. Learn More

Introducing Athena AI our new generative AI layer for the Varonis Data Security Platform.

Learn more

Threat Update 68 - Box MFA Bypass and the Need for Defense in Depth

1 min read
Last updated February 11, 2022

Multi-Factor Authentication (MFA) is a critical security control in the increasingly cloud-first world, but like all software, there can be vulnerabilities. The Varonis Threat Research team discovered, and responsibly disclosed, a vulnerability in Box's implementation of MFA which could have allowed an attacker to gain unauthorized access to a Box environment.

Kilian Englert and Ryan O'Boyle from the Varonis Cloud Architecture team use the Varonis threat research as a jumping-off point to discuss cloud defense-in-depth strategy, and layered security controls can help mitigate damage from the next inevitable vulnerability.

To learn more about the MFA bypass threat research, please visit:
https://www.varonis.com/blog/box-mfa-bypass-totp/

Watch Varonis threat researcher Kody Kinzie demonstrates how an attacker could use stolen credentials to compromise an organization's Box account and exfiltrate sensitive data *without* providing a one-time password.

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Try Varonis free.
Get a detailed data risk report based on your company’s data.
Deploys in minutes.
Keep reading