A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries. An attacker can use these complex queries to find information that was accidentally published on the Internet, usually through a configuration error in a company’s online software solutions.
Recently, security researcher Craig Jones (see image below) cited Trello for the reams of Non-Public Personally Identifiable (NPPI) information that an HR onboarding Trello board had published to the Internet. Trello is a project management and Human Resourcing tool that allows you to publish your projects to the public Internet. Unfortunately, some HR organizations have publicly published salary information, passwords, and addresses, as revealed in this Google Dorking article.
Source: TechTarget
SMB employees should be aware of the information they are handling and what they can do to ensure this doesn’t happen to them. There are a few options to reduce the likelihood of this happening. One option is to train your employees on cybersecurity basics to improve their awareness of issues like this. SMBs can also limit the number of employees with administrative rights to these online applications. Doing this while also holding administrators accountable for the proper handling and protection of critical information can sometimes prevent an accidental release of critical and sensitive information. Finally, you may want to develop an approval and cybersecurity review process for the online Cloud solutions your SMB allows to be implemented. Train your employees not to just start using such services without registering them through a known, well-published process that all employees sign off on following.
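As part of such a review, an administrator can audit the organization's own Trello boards for the exposure described above. The following is an added example, not code from the original article or from Trello: it assumes board data in the shape of a Trello board JSON export (`prefs.permissionLevel`, `cards`), and the sample boards, URLs and keyword list are constructed for illustration.

```python
import json
import re

# Constructed sample, shaped like Trello board JSON exports: the board-level
# "prefs.permissionLevel" field is "private", "org" or "public".
SAMPLE_BOARDS = json.loads("""
[
  {"name": "HR Onboarding", "url": "https://trello.example/b/AAA111",
   "prefs": {"permissionLevel": "public"},
   "cards": [{"name": "New hire salary bands"},
             {"name": "Payroll portal password: see note"},
             {"name": "Order laptop"}]},
  {"name": "Website Roadmap", "url": "https://trello.example/b/BBB222",
   "prefs": {"permissionLevel": "public"},
   "cards": [{"name": "Publish Q3 blog posts"}]},
  {"name": "Finance Close", "url": "https://trello.example/b/CCC333",
   "prefs": {"permissionLevel": "org"},
   "cards": [{"name": "Salary accruals"}]}
]
""")

# Categories the article names as exposed: salaries, passwords, addresses.
SENSITIVE = re.compile(r"\b(salar(?:y|ies)|passwords?|address(?:es)?)\b", re.I)

def audit_boards(boards):
    """Return one finding per publicly visible board, highest risk first."""
    findings = []
    for board in boards:
        level = board.get("prefs", {}).get("permissionLevel", "unknown")
        if level != "public":
            continue  # only boards published to the public Internet are in scope
        hits = [c["name"] for c in board.get("cards", [])
                if SENSITIVE.search(c.get("name", ""))]
        findings.append({
            "board": board["name"],
            "url": board.get("url", ""),
            "severity": "high" if hits else "review",
            "sensitive_cards": hits,
        })
    # Stable sort: boards with sensitive card titles are listed first.
    return sorted(findings, key=lambda f: f["severity"] != "high")

if __name__ == "__main__":
    for f in audit_boards(SAMPLE_BOARDS):
        print(f"[{f['severity'].upper()}] {f['board']} {f['url']}")
        for name in f["sensitive_cards"]:
            print(f"    sensitive card title: {name}")
```

Boards flagged `high` should be switched back to private first; boards flagged `review` are public without an obvious keyword hit and still need an owner to confirm that publication is intended.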
https://www.youtube.com/watch?v=HH6edTy3mQI&feature=emb_logo