US-Based Security Firm DirectDefense Accused Carbon Black Of Leaking Terabytes Of Sensitive Data (Not Intentionally) Belonging To Top Companies


In a blog post published on Wednesday, the US-based security firm DirectDefense accused Carbon Black of unintentionally leaking terabytes of sensitive data belonging to top companies, some of them on the Fortune 1000 list.

The test cases described in the post include a large streaming media company, a social media company, a financial services company, and others.
Carbon Black sells its EDR (Endpoint Detection and Response) tool under the name Cb Response. According to DirectDefense, user files and other suspicious files are transferred to third-party anti-virus scanning tools to make sure they are safe for use on the network of the company concerned.
Pointing towards an architectural flaw in Cb Response, DirectDefense claimed that it’s possible to gain access to the data. They were able to replicate the discovery process for a few organizations using the product.
Here are the types of data included in the leak:
  • Cloud keys (AWS, Azure, Google Compute) – which could allow hackers to easily access all cloud resources.
  • App store keys (Google Play Store, Apple App Store) – allowing for rogue applications that could be updated in place of legitimate apps.
  • Internal usernames, passwords, and network intelligence.
  • Communications infrastructure data (Slack, HipChat, SharePoint, Box, Dropbox, etc.).
  • Single sign-on/two-factor keys.
  • Customer data.
  • Proprietary internal applications (custom algorithms, trade secrets).
DirectDefense’s president Jim Broome said in a statement that their “security team has uncovered the world’s largest pay-for-play data exfiltration botnet, and it’s being orchestrated through a solution that’s meant to protect the exact data that is being leaked.”
Broome further added that organizations that are leveraging Cb Response and similar EDR solutions, which depend on third-party anti-virus multi scanners, need to be aware of the threats associated with such products.
Carbon Black’s co-founder and CTO Michael Viscuso said that the conclusions made regarding the architectural flaw are not correct and the ability to share files with third-party scanners is an optional feature (turned off by default). The clients for whom DirectDefense was able to gain access to the data might have enabled the feature to share files.
“In Cb Response, there is an optional, customer-controlled configuration (disabled by default) that allows the uploading of binaries (executables) to VirusTotal for additional threat analysis. This option can be enabled by a customer, on a per-sensor group basis. When enabled, executable files will be uploaded to VirusTotal, a public repository and scanning service owned by Google.”
