A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
https://threatpost.com/box-2fa-bypass-accounts-attack/177760/
Defending Assets You Don’t Know About Against Cyberattacks
-
No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.
https://threatpost.com/defending-unknown-assets-cyberattacks/175730/