At a time when most organizations have rushed to take their events virtual, multiple zero-day vulnerabilities found in event platforms frequented by the Fortune 500 offer hackers access to personal and corporate information.
Researchers at Huntress have uncovered software flaws and misconfigurations in two of the top five virtual event platforms: VFairs, which counts among its customers Ford, T-Mobile, IEEE and Pearson, and 6Connex. Among the issues identified are information disclosure or personal identifiable information leakage, direct access to databases and potential remote code execution.
“At this point, we can’t predict whether information was actively stolen or compromised by attackers or unauthorized users,” Huntress Senior Security Researcher John Hammond wrote in a blog post following a webinar aimed at managed service providers that revealed the company’s research.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.