Security Holes Found In Some DLP Products

  • 30 July 2014
  • 0 replies
  • 379 views

Userlevel 7
Comment/ Flaws were found  that would allow an attacker to reconfigure or change the behavior of the DLP system so that it no longer monitors data leaks.There will be names named next week on this.
=================================================================================================
By: Kelly Jackson Higgins  Posted on July 30 2014
 
Researchers to reveal key security flaws in commercial and open-source data loss prevention software at Black Hat USA next week.
It's a case of a security tool harboring security vulnerabilities: A pair of researchers has discovered multiple flaws in commercial and open-source data loss prevention (DLP) products.
Zach Lanier, senior security researcher at Duo Security, and Kelly Lum, security engineer with Tumblr, next week at Black Hat USA in Las Vegas will demonstrate the cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities they discovered in four commercial DLP products and one open-source tool they investigated. They plan to name names next week during their talk, "Stay Out of the Kitchen: A DLP Security Bake-Off," where they also will provide proof-of-concept attack examples.
 
DarkReading/ full read here/ http://www.darkreading.com/vulnerabilities---threats/security-holes-found-in-some-dlp-products/d/d-id/1297664?

0 replies

Be the first to reply!

Reply