Skip to main content
close search
site logo
Dive Brief

Researchers find vulnerabilities inside multiple virtual event, business platforms

Published Feb. 25, 2021
David Jones's headshot
Reporter
Pexels

Dive Brief:

  • Researchers at Huntress uncovered vulnerabilities at two of the nation's top virtual event platforms — including Webcasts.com, which works with integrated customers at 6Connex — where personally identifiable information, including names, emails and IP addresses were leaked during live events. 

  • Researchers attending events through a platform called VFairs were able to access other attendee profiles, a flaw that opened up the possibility of more nefarious activity including remote code execution and cross scripting attacks.

  • These virtual event platforms have been used in certain cases by top companies and government agencies, including the U.S. Food and Drug Administration, Ford, Google and labs for COVID-19 research, according to Huntress officials. Both VFairs and 6Connex were contacted by Huntress researchers and the vulnerabilities have since been patched.

Dive Insight:

The flaws uncovered in these virtual event platforms raise questions about supply chain vulnerabilities, data protection and how sensitive data from Fortune 500 companies and critical government agencies can become vulnerable to bad actors, according to researchers. 

Virtual platforms have proliferated across the U.S. and in numerous other countries, as the COVID-19 pandemic forced companies to transition many of their workers to operate remotely with live meetings and events canceled. Data from Bizzabo shows 93% of event organizers plan to invest in virtual events moving forward. 

These types of vulnerabilities go well beyond event platforms, according to Huntress Co-Founder and CEO Kyle Hanslovan, and have been found in other virtual platforms that companies use for even more sensitive business applications. 

For example, a site called Axial, which is a mergers and acquisitions platform for buying, selling and financing mid-market companies, had a similar vulnerability where hackers dumped more than 250,000 confidential documents. 

Information on the incident was shared on a hacker forum on Telegram in early January and later posted to Twitter, according to Huntress researchers. Axial did not immediately respond to Cybersecurity Dive's request for comment. 

Hanslovan argues thousands of small- to mid-sized companies are vulnerable to attacks like this and the general public never hears about them. 

"The supply chain threat has always been there" he said. "We're just driving some of the awareness."

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell