
Risk

Because That's Where the Money Is

Just like banks, corporate content filters can provide the bad guys with valuable things to steal

9:15 AM -- One of the most damaging vulnerabilities is something that companies spend very little time thinking about.

Industrial espionage has some of the greatest potential for long-term danger to companies. Those most interested in insider corporate information are also the people with the most to gain from it. I spent a few hours putting together a paper that outlines some of the direct threats, but there are a lot more out there.

For instance, we found that Google Calendar can be used as a way to get confidential call-in numbers through nothing more than a simple query. This would allow an attacker or a competitor to listen in on confidential phone calls. Competitors eavesdropping on your internal secrets isn't the only risk here. It also makes aggressive and illegal investment strategies more feasible, with little risk to the perpetrator.

Recently, there has been a rash of public CGI proxies floating around the Internet. It occurred to me when I first saw them that these are really the ideal way to phish people's information. But if you think about who the likeliest users of this technology are, it is actually company employees who sit behind strict content filters.

A single Web interface through which those employees submit information, post on message boards, and sign in to various tools is an ideal place to aggregate information. Additionally, the owner of the proxy can tell where each user is coming from by looking at the source IP address. Knowing that, they can discard the traffic that isn't interesting and keep the rest.
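On the monitoring side, the pattern described above is visible in your own Web-proxy logs: a request to an outside host whose query string carries another, percent- or base64-encoded, absolute URL. The script below is an added example (not from the original post or from any named proxy software); the log format and the URL-in-URL parameter shape are assumptions, and the log lines are constructed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample web-proxy log lines (not from the original post):
# client IP, user, method, requested URL.
SAMPLE_LOG = """\
10.0.5.23 jdoe GET http://intranet.corp.example/home
10.0.5.23 jdoe GET http://anon-surf.example/browse.php?u=https%3A%2F%2Fwebmail.example%2Flogin&b=0
10.0.5.41 asmith GET https://news.example/article/42
10.0.5.41 asmith POST http://freeproxy.example/index.php?q=aHR0cHM6Ly9mb3J1bS5leGFtcGxlL3Bvc3Q=&hl=2
10.0.5.77 bkim GET http://cdn.example/img?src=/static/logo.png
"""

ABS_URL = re.compile(r"^https?://[^/\s]+", re.IGNORECASE)

def _candidates(value):
    """Yield plausible decodings of one query-string value: as-is, then base64."""
    yield unquote(value)
    try:
        yield base64.b64decode(value + "=" * (-len(value) % 4), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        pass  # not base64 text; nothing more to try

def embedded_target(url):
    """Return the URL smuggled inside a query parameter of `url`, or None.
    Assumed CGI-proxy shape: a parameter whose decoded value is an absolute URL
    for a host other than the one serving the request."""
    parts = urlsplit(url)
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        for decoded in _candidates(value):
            if ABS_URL.match(decoded) and urlsplit(decoded).hostname != parts.hostname:
                return decoded
    return None

def flag_proxy_use(log_text):
    """Return (client_ip, user, proxy_host, target_url) for each suspect request."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        ip, user, _method, url = line.split(maxsplit=3)
        target = embedded_target(url)
        if target:  # redirect_uri-style parameters land here too: a triage list, not a verdict
            hits.append((ip, user, urlsplit(url).hostname, target))
    return hits

if __name__ == "__main__":
    for hit in flag_proxy_use(SAMPLE_LOG):
        print("%s (%s) used proxy %s to reach %s" % hit)
```

The two flagged lines name the internal user, the proxy they used and the site they reached through it, which is exactly the trail the proxy owner also sees.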

Ultimately, installing content filters and monitoring employee activity can help mitigate a lot of this risk while employees are at work. But once they are outside the corporate walls you are taking a big risk. As always, ensure that you have non-disclosure and non-compete agreements in place with all your employees, and make them aware of some of the more subversive ways competitors and attackers can find sensitive information. I have seen a few companies completely block any traffic from IP space owned by a competitor.

While that wouldn't stop a determined attacker, it can stop non-technical business analysts who may not understand how to circumvent IP blocks. It's a war out there, and it's definitely one you should be fighting.

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading
