URLscan.io's SOAR spot: Chatty security tools leaking private data!


L0 Member

Community, have you noticed that we may be accidentally exposing confidential information of the users we protect by submitting URLs for analysis to URLscan.io?

Credits to: Fabian Braunlein

  • Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable on urlscan.io, a security tool used to analyze URLs
  • Part of the data has been leaked in an automated way by other security tools that accidentally made their scans public (as did GitHub earlier this year)
  • If we don't take the proper measures regarding the configuration of URL scanning through the XSOAR integration and URLscan.io, we have a high risk of your accounts being hijacked through manually activated password resets.

I am attaching an image with a simple mitigation measure in the configuration (Instance Settings), in case you have not applied it yet.

[Attached image: XSOAR CONFIG - Prevent.png]

Warm Regards,
Cybersecurity Solutions Research and Development Manager
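The post's mitigation is a GUI setting in the integration instance. As an added example (not code from the original post, and not Palo Alto's or urlscan.io's own code), the following Python gatekeeper shows how a playbook could enforce the same outcome in code, as defence in depth: every submission is forced to `visibility: private`, and URLs that look like the categories the post lists (password resets, invites, invoices, shared documents, or anything carrying an opaque token) are redacted to host and path shape before they leave the environment. The endpoint and the `visibility` / `API-Key` fields are assumed from urlscan.io's public API documentation; the sensitive-URL heuristics and all sample URLs are constructed for illustration.

```python
"""
Gatekeeper for URL submissions to urlscan.io from a SOAR playbook.

Added example; not the original post's code and not Palo Alto or urlscan.io code.
Assumptions: the urlscan.io scan endpoint and the "visibility" field
("public" / "unlisted" / "private") and "API-Key" header as described in
urlscan.io's public API docs. The sensitive-URL heuristics are constructed.
"""
import json
import re
from urllib.parse import urlparse, parse_qsl, urlunparse

SCAN_ENDPOINT = "https://urlscan.io/api/v1/scan/"  # assumed from urlscan.io API docs

# Query-parameter names that commonly carry one-time or bearer-like secrets
# (constructed list; extend it to match what your playbooks actually see).
SENSITIVE_PARAMS = {"token", "reset", "reset_token", "invite", "invitation",
                    "code", "key", "sig", "signature", "auth", "session"}

# Path words matching the risky categories called out in the post.
SENSITIVE_PATH_WORDS = ("reset", "invite", "invoice", "share", "document")

# Long opaque strings (hex / base64url-like) in path, query or fragment
# are treated as probable tokens. Constructed heuristic; tune the length.
OPAQUE_TOKEN = re.compile(r"[A-Za-z0-9_\-]{32,}")


def classify_url(url: str) -> list[str]:
    """Return the reasons a URL looks sensitive; an empty list means none."""
    reasons = []
    p = urlparse(url)
    path_lower = p.path.lower()
    for word in SENSITIVE_PATH_WORDS:
        if word in path_lower:
            reasons.append(f"path mentions '{word}'")
    for name, value in parse_qsl(p.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            reasons.append(f"query parameter '{name}'")
        elif OPAQUE_TOKEN.fullmatch(value):
            reasons.append(f"opaque value in '{name}'")
    if OPAQUE_TOKEN.search(p.path):
        reasons.append("opaque token in path")
    if p.fragment and OPAQUE_TOKEN.search(p.fragment):
        reasons.append("opaque token in fragment")
    return reasons


def redact_url(url: str) -> str:
    """Drop query and fragment and mask opaque path tokens, so the host and
    path shape can still be analysed without submitting the secret itself."""
    p = urlparse(url)
    safe_path = OPAQUE_TOKEN.sub("REDACTED", p.path)
    return urlunparse((p.scheme, p.netloc, safe_path, "", "", ""))


def build_scan_request(url: str, api_key: str, allow_sensitive: bool = False) -> dict:
    """Build the urlscan.io submission. Visibility is always forced to
    'private' (the Instance Settings fix from the post, enforced in code);
    sensitive URLs are redacted unless the caller explicitly allows them."""
    reasons = classify_url(url)
    submitted = url if (allow_sensitive or not reasons) else redact_url(url)
    return {
        "endpoint": SCAN_ENDPOINT,
        "headers": {"API-Key": api_key, "Content-Type": "application/json"},
        "body": json.dumps({"url": submitted, "visibility": "private"}),
        "redacted": submitted != url,
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed sample: a password-reset link such as a playbook might receive.
    sample = "https://app.example.com/reset?token=0123456789abcdef0123456789abcdef"
    req = build_scan_request(sample, api_key="PLACEHOLDER-API-KEY")
    print(json.dumps(req, indent=2))
```

The returned dict is what an HTTP client would send; the example deliberately stops short of the network call so it runs offline. If your urlscan.io plan rejects `private` submissions, let the request fail rather than retrying as `public`, since a failed scan is recoverable and a leaked reset link is not.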
2 Replies

L2 Linker

Good point. I was thinking the private option would work only with premium licenses of URLScan; if that's the case and there are no premium licenses, it's best to watch what the integration is used for and reduce its usage.

Exactly!

Warm Regards,
Cybersecurity Solutions Research and Development Manager