Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/23/2020
11:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Digital Shadows Launches Sensitive Document Alerts With Added Context

New capabilities within SearchLight(TM) to detect exposed sensitive but not protectively-marked technical and commercial documents, including product designs and payroll data

London and San Francisco, November 23, 2020 - Digital Shadows, the leader in digital risk protection, has today launched new capabilities to alert its customers to potential document exposure. Misconfigured file stores containing companies’ sensitive documents are highly sought after by cybercriminals, due to the high value of the material they contain. Some examples found by Digital Shadows include payroll data, company tax documents, and proprietary product designs.

Sensitive documents are typically password-protected, are encrypted, or can only be opened by the intended recipient with log-in credentials. While these controls can be effective, sensitive documents are frequently compromised in transfer or back-up processes and then are widely traded by cybercriminals.

Digital Shadows SearchLight™ already detects exposure of a protectively marked document (i.e. a document that says "private and confidential" or another identifier). From December 1st, two new alert types will be added for exposed technical documents (including security assessments and product designs) and exposed commercial documents (such as legal and payroll data). These documents do not need to have protective markings to be identified and associated with their organizations.

Additionally, the new alerts contain context on the documents’ contents, providing clients with greater insight as to the severity of the alert. If a technical document is leaked, for example, the alert will note that it is a product-related document and assign it a high risk-prioritization score. Further context will also include when the document was last seen – and whether it is still online. Lastly, clients will receive domain information and file metadata, which can help to understand the original author and creation date of the misconfigured file store.

Russell Bentley at Digital Shadows explains: “Every day more product designs, security assessments, and payroll data are exposed online – and organizations have no idea. We give them new visibility into this problem and provide the best ways to mitigate the risks.”

The new capabilities discover ten document categories. Seven pertain to ‘exposed commercial documents’ and include alerts and insights for exposed financial, legal, personnel, and project information. For technical documents, there are three categories for infrastructure, products, and security. These new alert types benefit from SearchLight’s existing document discovery and analysis technology such as the ability to discover documents that sit within an archive file (such as a .zip).

ABOUT DIGITAL SHADOWS

Digital Shadows minimizes digital risk by identifying unwanted exposure and protecting against external threats. Organizations can suffer regulatory fines, loss of intellectual property, and reputational damage when digital risk is left unmanaged. Digital Shadows SearchLight™ helps you minimize these risks by detecting data loss, securing your online brand, and reducing your attack surface. To learn more, visit www.digitalshadows.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...