You must Register or Sign in to your Cyware account to perform this action
×Once you are logged in, you will be able to:
Customize your feeds by selecting categories you like
Comment on or Like an article
Receive the latest security stories, trends, and insights in your inbox
Build your profile and login across multiple devices
Bookmark a story and read it later
- Home
- Hacker News
- Malware and Vulnerabilities
- Companies are Misusing VirusTotal and Exposing Confidential Data, Research Finds

Companies are Misusing VirusTotal and Exposing Confidential Data, Research Finds
Companies are Misusing VirusTotal and Exposing Confidential Data, Research Finds- October 22, 2019
- |
- Malware and Vulnerabilities
/https://cystory-images.s3.amazonaws.com/VirusTotal-banner.png)
- Researchers said that they’ve discovered thousands of unprotected files from companies across the pharmaceutical, industrial, automotive and food sectors.
- These files contained information ranging from blueprints, supply chains to building entry points.
What’s the matter?
Security researchers from OTORIO have uncovered that companies are unintentionally exposing data including factory blueprints and intellectual property by misusing Alphabet’s virus scanner.
Why it matters?
VirusTotal is a virus scanner, which is owned by Alphabet’s cybersecurity subsidiary Chronicle. VirusTotal makes scanned documents available to companies for the detection of malware. However, some companies are misusing the virus scanner and are exposing sensitive documents.
What was exposed?
Researchers said that they’ve discovered thousands of unprotected files from companies across the pharmaceutical, industrial, automotive and food sectors, as part of a project to research the malware logged by VirusTotal.
These files contained information ranging from blueprints, supply chains to building entry points.
“From what we found, we could design a very constructive hack. We found files that gave us a blueprint of how to infiltrate the production floor. The companies’ trademarked secrets are on those blueprints,” said Daniel Bren, Chief Executive Officer at Otorio.
Worth noting
VirusTotal’s online terms of service state that users agree to only upload documents that they wish to publicly share and warn them to not to submit any files that contain confidential, commercially sensitive, or personal data without permission.
Bren noted that researchers can get access to the uploaded files with an agreement not to make commercial use of the information. However, some researchers are misusing the service and are publishing the incoming documents.
Response from the vendor
Otorio notified VirusTotal about its findings in July. The company acknowledged the findings and agreed that there was a need to raise awareness about how the service works and how security applications should be configured.
A spokesperson for VirusTotal said that the company screens all customers before giving them access to the data. “Researchers don’t have searchable access to the file base and customers that are found to abuse any data are cut off, the representative said,” the spokesperson said, Bloomberg reported.
- + Aware
Get such articles in your inbox
News
-
Previous News Gustuff Trojan Returns With Updated Features
- October 22, 2019
- |
- Malware and Vulnerabilities
-
Next News Security Researchers Discover New Campaign That Delivers New Remcos RAT Variant
- October 22, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
Categories
Get such articles in your inbox
News
-
Previous News Gustuff Trojan Returns With Updated Features
- October 22, 2019
- |
- Malware and Vulnerabilities
-
Next News Security Researchers Discover New Campaign That Delivers New Remcos RAT Variant
- October 22, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
Categories
