Connect with us

Hi, what are you looking for?


Data Protection

New Pastebin Security Features Draw Criticism

Text storage service Pastebin last week announced the introduction of two new security features, but some industry professionals believe they will likely be abused by malicious actors.

Text storage service Pastebin last week announced the introduction of two new security features, but some industry professionals believe they will likely be abused by malicious actors.

The new features are Burn After Read, which causes pastes to be deleted after they are read, and Password Protected Pastes, which allows users to set a password for the data they post.

Pastebin announces new security features

In response to Pastebin’s announcement of the new features on Twitter, several cybersecurity experts said threat actors will likely abuse them for command and control (C&C) and other purposes, while making it more difficult for defenders to analyze their attacks.

Malware abusing Pastebin is not unheard of. One example is the WatchBog cryptocurrency miner, which fetched configuration data and payloads from Pastebin.

The new features introduced by Pastebin have been described as a “win for threat actors,” “protections for malicious data,” “an extra layer of protection for threat actors” and “a headache for the good guys.”

Several people claim they may configure their enterprise security solutions to either completely block Pastebin traffic or at least send out an alert when such traffic is detected.

However, not everyone agrees that the new security features will be found useful by threat actors. Some users welcomed the features, while others have pointed out that Pastebin’s competitors have offered these features for some time and malicious actors could have abused those if they really would have found them useful.

Advertisement. Scroll to continue reading.

SecurityWeek has reached out to Pastebin for comment, but the company has yet to respond.

Related: Mozilla Discontinues Firefox Feature Abused in Malware, Phishing Attacks

Related: Microsoft Says China-Linked Hackers Abused Azure in Attacks

Related: VLC Responds to Criticism Over Lack of HTTPS for Updates

Related: Zoom Rolls Out New Measures as Security Fears Mount

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.