TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Russian missile strike on Ukraine shopping mall draws outcry

    June 27, 2022

    Amazon is reportedly hosting a second major Prime-exclusive shopping event this year

    June 27, 2022

    Theresa May leads opposition to bill to rip up N Ireland protocol

    June 27, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Amazon is reportedly hosting a second major Prime-exclusive shopping event this year

      June 27, 2022

      Valve is doubling Steam Deck shipments, so you might get yours faster

      June 27, 2022

      The Supreme Court says it won’t consider rewriting defamation law… yet

      June 27, 2022

      Roku’s capable Streambars are down to their lowest prices

      June 27, 2022

      Tesla reportedly doesn’t have enough desks after Musk threatens to fire remote employees

      June 27, 2022
    • Business
    • Cyber Security

      87% of executives have no cybersecurity tools on personal devices

      June 27, 2022

      CISA releases cloud security reference

      June 27, 2022

      Colin Ahern named New York’s Chief Cyber Officer

      June 27, 2022

      Contractors don’t have to increase your risk profile

      June 27, 2022

      Pharmaceutical company secures network with AppSec compliance tools

      June 24, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Box Enterprise Shared Links Leak Sensitive Information
    Cyber Security

    Box Enterprise Shared Links Leak Sensitive Information

    March 12, 2019Updated:March 12, 2019No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Box enterprise shared links can leak sensitive information if access to them hasn’t been restricted to relevant users only, Adversis security researchers warn.

    All companies using Box enterprise cloud storage get their own sub-domain, and the service also allows for the easy sharing of documents stored on Box, via unique URLs. However, it is rather trivial to brute-force the sub-domain, shared URL, and folder names, the researchers discovered. 

    The issue isn’t new and has been reported on in the past, but remains a problem, at least if access isn’t configured properly. Access to Box Shared Links can be set to anyone with the link, users within a Box enterprise or with accounts on the sub-domain, or only to the users who have been invited to a folder/file.

    Without properly configured access, tons of sensitive information could be exposed to the Internet, and this is exactly what Adversis has discovered. 

    “After identifying thousands of Box customer sub-domains through standard intelligence gathering techniques and using a relatively large wordlist, we discovered hundreds of thousands of documents and terabytes of data exposed across hundreds of customers,” the researchers say.

    While most of the data was public, some of it included sensitive information such as passport photos, social security and bank account numbers, high profile technology prototype and design files, employee lists, financial data, invoices, internal issue trackers, customer lists and archives of years of internal meetings, and IT data, VPN configurations, and network diagrams.

    The researchers say that the sheer number of impacted companies made it impossible to notify all of them. However, with some organizations having thousands of sensitive documents accessible to anyone, Adversis notified only those with highly sensitive data exposed. 

    Box too was made aware of the issue, and the company updated its guidelines to underline the fact that Custom Shared Links could expose sensitive information, given that anyone able to guess the URL could access the content. 

    To reduce the accidental creation of public links, Box recommends restricting Shared Link access to users within the company, keeping constant track of public custom shared links, and avoiding to create public custom shared links to content not intended for public consumption.

    The security researchers also published on GitHub code that makes it easy to find the Box accounts of organizations and start scanning for exposed content. 

    Related: Thousands of Mobile Apps Leak Data from Firebase Databases

    Related: China Arrests Suspect for Customer Data Leak at Accor Partner

    Ionut Arghire is an international correspondent for SecurityWeek.

    Previous Columns by Ionut Arghire:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    87% of executives have no cybersecurity tools on personal devices

    June 27, 2022 Cyber Security

    CISA releases cloud security reference

    June 27, 2022 Cyber Security

    Colin Ahern named New York’s Chief Cyber Officer

    June 27, 2022 Cyber Security

    Contractors don’t have to increase your risk profile

    June 27, 2022 Cyber Security

    Pharmaceutical company secures network with AppSec compliance tools

    June 24, 2022 Cyber Security

    How secure is your digital supply chain?

    June 24, 2022 Cyber Security
    Editors Picks

    Amazon is reportedly hosting a second major Prime-exclusive shopping event this year

    June 27, 2022

    Theresa May leads opposition to bill to rip up N Ireland protocol

    June 27, 2022

    Valve is doubling Steam Deck shipments, so you might get yours faster

    June 27, 2022

    Johnson insists he has ‘new mandate’ to lead Conservatives

    June 27, 2022
    Trending Now

    Prosus/Tencent: reducing stake further would close valuation gap

    By techbizweb

    Colin Ahern named New York’s Chief Cyber Officer

    By techbizweb

    Cyberattack forces Iran steel company to halt production

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.