PR fight ensues after claims of leaked Carbon Black data

Two well-funded cybersecurity firms jumped into a public relations fight Wednesday after one alleged that the other had allowed third parties to profit off leaked sensitive customer data. DirectDefense President Jim Broome wrote in a blog post published Wednesday that his firm had found evidence of improper conduct on the part of Carbon Black, a seller of endpoint security software products. DirectDefense, a managed and full service provider of security offerings, said it found an apparent flaw in the architecture of a popular Carbon Black product named Cb Response. This flaw allegedly allowed for a leak of sensitive customer information onto multi-scanning services like VirusTotal, a popular malware repository. The inadvertently leaked data, according to Broome, could be resold by third parties. “Files uploaded by Cb Response customers first go to Carbon Black (or their local Carbon Black server instance), but then are immediately forwarded to a cloud-based multiscanner, where they … Continue reading PR fight ensues after claims of leaked Carbon Black data