Announcements

Our product news has moved to the new Product Updates page. Please update your bookmarks and subscriptions accordingly. Thanks!

Box Product News


Starting 8:00 AM PST on November 12, 2018, Box will block applications that are using the TLS 1.0 encryption protocol. Please refer to this FAQ to learn what TLS is and how you can upgrade your application to maintain a secure connection.


Box was recently notified of a SAML vulnerability identified by security researchers that threat actors could use to bypass primary authentication, potentially elevating permissions or impersonating privileged accounts.

Box's Security team has confirmed that our implementation of SAML was not vulnerable to this issue. We advise that customers review their own SAML implementations against the recommended US-CERT guidelines.


On Wednesday, January 3rd, 2018, details of two CPU vulnerabilities, Meltdown and Spectre, were published.
Google’s Project Zero researchers demonstrated that these security flaws could allow attackers to take advantage of speculative execution, potentially giving unauthorized actors access to sensitive information in the system’s memory, such as passwords.

Box is applying patches where relevant to our infrastructure. At this time, we believe the Box service is not directly impacted, and we assess the risk as low. Though the underlying CPU and OS combination in our infrastructure may be affected by these vulnerabilities, the Box service is a closed system that does not allow customers to run custom code against our underlying infrastructure.

We are continuing to monitor the situation and will update the Community page. You can learn more about Security at Box here.




Box has been made aware of a security issue impacting customers of Cloudflare. You can find a related public article from Cloudflare on this issue with full details at https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug. We thought it would be helpful to share some information from the Box Security Team.

Our Security Team has validated there is no impact to Box or customer content. While Box uses CDN solutions including Cloudflare for static content, Box does not use the Cloudflare features (email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) impacted by the issue.

If you should have any concerns or follow-up questions, please file a case to connect with a member of our User Services Team.
