urlscan.io's SOAR spot: Chatty security tools leaking private data | allinfosecnews.com

Nov. 2, 2022, 1 p.m. |

Positive Security | IT Security research and happy coincidences positive.security

We explore the security service urlscan.io and showcase through various "dorks" that their searchable scan database is a treasure trove of URLs pointing to sensitive user information, allowing account takeover, and much more. Part of the data has been leaked in an automated way by other security tools (SOARs) that accidentally made their scans public.

data private data security security tools soar tools

More from positive.security / Positive Security | IT Security research and happy coincidences

Hacking Auto-GPT and escaping its docker container 10 months ago | positive.security

auto auto-gpt code container +13

Ransacking your password reset tokens 1 year, 3 months ago | positive.security

application applications brute brute-force +16

urlscan.io's SOAR spot: Chatty security tools leaking private data 1 year, 5 months ago | positive.security

data private data security security tools +2

From XSS to RCE (dompdf 0day) 2 years, 1 month ago | positive.security

0day dompdf rce xss

Find You: Building a stealth AirTag clone 2 years, 2 months ago | positive.security

Recovering redacted information from pixelated videos 2 years, 3 months ago | positive.security

information videos

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Application Security Engineer - Remote Friendly

@ Unit21 | San Francisco,CA; New York City; Remote USA;

View on infosec-jobs.com

Cloud Security Specialist

@ AppsFlyer | Herzliya

View on infosec-jobs.com

Malware Analysis Engineer - Canberra, Australia

@ Apple | Canberra, Australian Capital Territory, Australia

View on infosec-jobs.com

Product CISO

@ Fortinet | Sunnyvale, CA, United States

View on infosec-jobs.com

Manager, Security Engineering

@ Thrive | United States - Remote

View on infosec-jobs.com