Security Holes Found In Some DLP Products

Webroot's picture
Printer-friendly versionPrinter-friendly versionPDF versionPDF version

Comment/ Flaws were found  that would allow an attacker to reconfigure or change the behavior of the DLP system so that it no longer monitors data leaks.There will be names named next week on this.

=================================================================================================

By: Kelly Jackson Higgins  Posted on July 30 2014

 

Researchers to reveal key security flaws in commercial and open-source data loss prevention software at Black Hat USA next week.

It's a case of a security tool harboring security vulnerabilities: A pair of researchers has discovered multiple flaws in commercial and open-source data loss prevention (DLP) products.

Zach Lanier, senior security researcher at Duo Security, and Kelly Lum, security engineer with Tumblr, next week at Black Hat USA in Las Vegas will demonstrate the cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities they discovered in four commercial DLP products and one open-source tool they investigated. They plan to name names next week during their talk, "Stay Out of the Kitchen: A DLP Security Bake-Off," where they also will provide proof-of-concept attack examples.

News Source : Security Holes Found In Some DLP Products
Copy this html code to your website/blog to embed this press release.