TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

    November 7, 2022

    Ryanair swings to first-half profit and raises passenger forecast

    November 7, 2022

    Devialet brings its sci-fi design aesthetics to a $790 portable speaker

    November 7, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

      November 7, 2022

      Devialet brings its sci-fi design aesthetics to a $790 portable speaker

      November 7, 2022

      Elon Musk’s response to fake verified Elon Twitter accounts: a new permanent ban policy for impersonation

      November 7, 2022

      The iPhone 14 Pro and Pro Max will come with ‘longer wait times’ due to factory lockdown

      November 6, 2022

      Meta’s reportedly planning to lay off ‘thousands’ of workers this week

      November 6, 2022
    • Business
    • Cyber Security
      National Security News

      List of 620 Russian spies, featuring one alleged agent at the centre of one of the biggest personal scandals in Wall Street history.

      September 24, 2022

      Cybersecurity ranked most serious enterprise risk in 2022

      August 31, 2022

      Registration open for CISA virtual summit on K-12 school safety

      August 31, 2022

      What do the Trickbot leaks reveal about Russian cybercrime?

      August 31, 2022

      What cybersecurity measures do CISOs outsource?

      August 30, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Box Enterprise Shared Links Leak Sensitive Information
    Cyber Security

    Box Enterprise Shared Links Leak Sensitive Information

    March 12, 2019Updated:March 12, 2019No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Box enterprise shared links can leak sensitive information if access to them hasn’t been restricted to relevant users only, Adversis security researchers warn.

    All companies using Box enterprise cloud storage get their own sub-domain, and the service also allows for the easy sharing of documents stored on Box, via unique URLs. However, it is rather trivial to brute-force the sub-domain, shared URL, and folder names, the researchers discovered. 

    The issue isn’t new and has been reported on in the past, but remains a problem, at least if access isn’t configured properly. Access to Box Shared Links can be set to anyone with the link, users within a Box enterprise or with accounts on the sub-domain, or only to the users who have been invited to a folder/file.

    Without properly configured access, tons of sensitive information could be exposed to the Internet, and this is exactly what Adversis has discovered. 

    “After identifying thousands of Box customer sub-domains through standard intelligence gathering techniques and using a relatively large wordlist, we discovered hundreds of thousands of documents and terabytes of data exposed across hundreds of customers,” the researchers say.

    While most of the data was public, some of it included sensitive information such as passport photos, social security and bank account numbers, high profile technology prototype and design files, employee lists, financial data, invoices, internal issue trackers, customer lists and archives of years of internal meetings, and IT data, VPN configurations, and network diagrams.

    The researchers say that the sheer number of impacted companies made it impossible to notify all of them. However, with some organizations having thousands of sensitive documents accessible to anyone, Adversis notified only those with highly sensitive data exposed. 

    Box too was made aware of the issue, and the company updated its guidelines to underline the fact that Custom Shared Links could expose sensitive information, given that anyone able to guess the URL could access the content. 

    To reduce the accidental creation of public links, Box recommends restricting Shared Link access to users within the company, keeping constant track of public custom shared links, and avoiding to create public custom shared links to content not intended for public consumption.

    The security researchers also published on GitHub code that makes it easy to find the Box accounts of organizations and start scanning for exposed content. 

    Related: Thousands of Mobile Apps Leak Data from Firebase Databases

    Related: China Arrests Suspect for Customer Data Leak at Accor Partner

    Ionut Arghire is an international correspondent for SecurityWeek.

    Previous Columns by Ionut Arghire:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    National Security News

    List of 620 Russian spies, featuring one alleged agent at the centre of one of the biggest personal scandals in Wall Street history.

    September 24, 2022 Cyber Security

    Cybersecurity ranked most serious enterprise risk in 2022

    August 31, 2022 Cyber Security

    Registration open for CISA virtual summit on K-12 school safety

    August 31, 2022 Cyber Security

    What do the Trickbot leaks reveal about Russian cybercrime?

    August 31, 2022 Cyber Security

    What cybersecurity measures do CISOs outsource?

    August 30, 2022 Cyber Security

    SIA announces Women in Security Forum scholarship recipients

    August 30, 2022 Cyber Security
    Editors Picks

    Ryanair swings to first-half profit and raises passenger forecast

    November 7, 2022

    Devialet brings its sci-fi design aesthetics to a $790 portable speaker

    November 7, 2022

    Google Cloud Says Running Validator on Solana Blockchain

    November 7, 2022

    European stocks rise as investors boosted by China speculation

    November 7, 2022
    Trending Now

    Evergrande creditors sell ‘Versailles mansion’ plot in Hong Kong

    By techbizweb

    OpenSea Creates Tool for NFT Creators to Enforce Royalties On-Chain

    By techbizweb

    FTSE chairs warn of declining relations with institutional investors

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2023 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.