Friday, April 19, 2024

Antivirus Firm Exposed Internal Log data Generated by their Products

EMSISOFT, Antivirus Firm revealed a data breach on one of their test systems. The company used the system to evaluate and benchmark possible solutions relating to the storage and management of the log data generated by their products and services.

Quickly after becoming aware of the breach, the company took the affected system offline and started an investigation.

The investigation of the exposed database revealed that the logs stored in the archive contained no personal information, except for 14 customer email addresses of 7 different organizations.

The experts pointed out that these 14 customer email addresses were included in scan logs due to detections of malicious emails stored in the users’ email clients.

“We discovered that the logged information contained no personal information whatsoever, except for 14 customer email addresses of 7 different organizations”, reads data breach notification published by the company.

The company, however, believes it is the right thing to inform all their customers about the incident, how exactly it happened, and what the company is planning to do to prevent similar incidents in the future.

An Insight into the Incident

The incident stems from the misconfiguration of a database, used in a test environment, that was exposed to the Internet.

The misconfigured system was used for evaluating future storage of the company’s logs and event data and additionally for benchmarking and evaluating.

Emsisoft seeded these systems with a subset of log records taken from production systems to better understand how the systems evaluating would perform given scenarios.

Unfortunately, due to a configuration error, one of the databases was accessible to unauthorized third parties from January 18th, 2021 to February 3rd, 2021.

The stolen data consists of technical logs produced by their endpoint protection software during normal usages, such as update protocols, and generally does not contain any personal information like passwords, password hashes, user account names, billing information, addresses, or anything similar.

Still, 14 customer email addresses were part of the scan logs due to detections of malicious emails stored in the users’ email clients.

Emsisoft experts believe that the attack was an automated attack and was not the result of a targeted campaign.

“Our traffic logs indicate that only parts of the affected database were accessed and not the entire database. However, due to technical limitations, it’s impossible to determine exactly which data rows were accessed”, reads the data breach notification.

New Policies in Place to Prevent any Similar Incidents

  • To perform all future tests and benchmarks in an isolated environment without internet access and with artificially generated data only.
  • To increase our investment in real-time attack surface analysis to be able to notice similar configuration issues sooner.
  • The company is also in the process of putting fallback security measures in place in case primary efforts fail.

The company already notified the affected users and implemented additional security measures to prevent similar incidents in the future.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles