Community, have you noticed that we may be accidentally exposing confidential information of the users we protect by submitting URLs for analysis to URLscan.io?
Credits to: FABIAN BRAUNLEIN
Sensitive URLs to shared documents, password reset pages, team invites, payment invoices and more are publicly listed and searchable on urlscan.io, a security tool used to analyze URLs.
Part of the data has been leaked in an automated way by other security tools that accidentally made their scans public (as did GitHub earlier this year).
If we don't take the proper measures regarding the configuration of URL scanning through the XSOAR integration and URLscan.io, we have a high risk of your accounts being hijacked through manually activated password resets.
I am attaching an image with a simple mitigation measure in the configuration (Instance Settings), in case you have not applied it yet.
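An added example, not part of the original post or of the XSOAR integration's code: a pre-submission guard that flags URLs resembling the categories named above (shared documents, password resets, invites, invoices) and sets the urlscan.io submission `visibility` field to `private` for them, never `public`. The keyword lists, the length threshold and the function names are assumptions chosen for illustration, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristics (not from the post): markers for the URL categories the
# post lists (shared documents, password resets, team invites, invoices).
SENSITIVE_PATH = re.compile(
    r"(reset|recover|invite|invitation|invoice|share|unsubscribe|confirm|verify)", re.I)
SENSITIVE_PARAMS = {"token", "key", "code", "sig", "signature", "auth", "invite", "reset"}
LONG_SECRET = re.compile(r"[A-Za-z0-9_-]{24,}")  # long opaque value, likely a secret


def sensitivity_reasons(url):
    """Return the reasons this URL looks like it carries a secret (empty if none)."""
    parts = urlsplit(url)
    reasons = []
    if SENSITIVE_PATH.search(parts.path):
        reasons.append("path-keyword")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            reasons.append("param:" + name.lower())
        elif LONG_SECRET.fullmatch(value):
            reasons.append("opaque-value:" + name.lower())
    if any(LONG_SECRET.fullmatch(seg) for seg in parts.path.split("/")):
        reasons.append("opaque-path-segment")
    return reasons


def build_submission(url, default_visibility="unlisted"):
    """Build the JSON body for a urlscan.io scan submission; never 'public'."""
    if default_visibility == "public":
        raise ValueError("automated submissions must not default to public")
    reasons = sensitivity_reasons(url)
    visibility = "private" if reasons else default_visibility
    return {"url": url, "visibility": visibility}, reasons


if __name__ == "__main__":
    # Constructed sample URLs on a reserved example domain.
    for sample in (
        "https://app.example.com/account/reset?token=abc123",
        "https://docs.example.com/d/1A2b3C4d5E6f7G8h9I0jK1l2M3n4O5p6/edit",
        "https://www.example.com/blog/post-1",
    ):
        body, why = build_submission(sample)
        print(body["visibility"], why, sample)
```

The returned body is what an automation would POST to the scan endpoint; logging the reasons alongside it makes it possible to audit why a submission was downgraded to private.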