"Malware Scanning Services Containers for Sensitive Business Information" "Malware scanning services could be the next listening outpost for criminals and nation-state attackers as more of these services such as VirusTotal are becoming containers for personal, business and even classified information because of some organizations’ policy decision to upload every file, document and email... ...At the Kaspersky Lab Security Analyst Summit, Neis shared his research into the problem and how with some crafted Yara rules he was able to return thousands of emails marked as confidential, as well as corporate business plans, government emails and 800 FBI Flash Alerts marked as either Amber or Red through the Traffic Light Protocol, neither designation of which is meant to be shared and is considered classified. Neis said there are no shortage of PGP keys, VPN credentials and SSH private keys sitting in documents uploaded to VirusTotal and surely other scanning services... Google-owned VirusTotal has taken measures to cut down on abuses of its service. But licensed users do have the ability to download files; Neis said he uploaded a Word document that contained a Canarytoken that alerted him to when the file was accessed and within two days, it had been distributed and downloaded in the U.S., Germany, Russia and Poland..." https://threatpost.com/malware-scan...rs-for-sensitive-business-information/124802/
