Security Operations, Data Security, API security, Vulnerability Management

Bluspark Global patches critical vulnerabilities after data exposure


A significant cybersecurity lapse at Bluspark Global, a key U.S. shipping technology company, has been addressed after vulnerabilities were discovered that could have allowed unauthorized access to sensitive customer data. The company has since patched these issues, according to a recent report by TechCrunch.

Security researcher Eaton Zveare uncovered five critical flaws in Bluspark's Bluvoyix shipping and supply chain platform, including the use of plaintext passwords and an unauthenticated API. These vulnerabilities could have enabled attackers to access decades of customer shipment records and remotely interact with the software. Zveare reported that the API allowed for the retrieval of user account records, including administrator credentials, and the creation of new administrative accounts without any authentication.

The platform is used by numerous large companies across various sectors, including retail and grocery, making the potential impact widespread. Bluspark Global has stated that the issues are now resolved and plans to implement a formal bug disclosure program.

Source: TechCrunch
