09 Aug 2017
A report surfaced yesterday that a leading anti-malware product was leaking terabytes of data. Among its clients are some of the top 100 companies in the US.
According to the report by DirectDefense, Carbon Black’s Cb Response is leaking all kinds of sensitive data, including usernames/passwords, cloud and app store keys, and various trade secrets. The data isn’t openly available online, but can be accessed by governments and corporations.
Carbon Black specializes in security tools that discover and look into suspicious activity on devices receiving data, such as computers and mobile phones. Data is collected on these network endpoints then analyzed to figure out what files are good and which ones are bad so it can offer intelligent protection. These gives the software access to files on the systems it’s analyzing. The problem with this, as outlined by DirectDefense, is that cloud scanning tools are available to any source who wants to pay for it, meaning an organization could access the files scanned by Carbon Black’s software.
DirectDefense gave a real-world example of this. Using a multiscanner, they were able to find internal apps belonging to a telecom company. They found that the files had been uploaded by Carbon Black then, using that information, found terabytes of other files belonging to several different companies.
DirectDefense said that they didn’t know if whether the problem was Carbon Black’s alone or if they were able to find so much information merely because they’re a big player in their game.
CarbonBlack responded by saying that the information found was due to clients turning on a file-sharing option that is turned off by default, insisting that it is not a flaw in the software.