Posts Tagged: Amazon Macie


18
Aug 17

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary data from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential privacy risks of using the feature. Now Carbon Black is warning that an internal review has revealed a wholly separate bug in Cb Response that could in fact result in some customers unintentionally sharing sensitive files.

cblogoAs noted in last week’s story, DirectDefense warned about a problem with Cb Response’s use of Google’s VirusTotal — a free tool that lets anyone submit a suspicious file and have it scanned against dozens of commercial anti-malware tools. There is also a paid version of VirusTotal that allows customers to examine any file uploaded to the service.

Specifically, DirectDefense claimed that Cb Response’s sharing of suspicious files with VirusTotal could expose sensitive data because VirusTotal allows paying customers to download any files submitted by other users. DirectDefense labeled the bug “the world’s largest pay-for-play data exfiltration botnet.”

Numerous industry analysts leapt to Carbon Black’s defense — with some even calling “bullshit” on the findings — pointing out that plenty of other vendors submit files through Virustotal and that DirectDefense was merely trying to besmirch a competitor’s product.

But earlier this week, Carbon Black began quietly notifying customers that an internal review of the claims revealed a completely different bug that could result in some benign customer files being miscategorized as executable files and inadvertently uploaded to Virustotal for scanning.

“On Thursday, we discovered a bug affecting a small percentage of our Cb Response customers,” said Mike Viscuso, co-founder and chief technology officer at Carbon Black. “Our review is still ongoing, but based on what we learned to date it requires a very specific customer configuration, and we have already taken steps to remediate the bug and protect our customers.” Continue reading →