That NodeJS supply chain hack incident is amazing because the threat actor(tm) got RCE access to like a billion devices and ran the world’s shittest Ethereum dumper.
-
Imagine if they had done reverse shells instead, or automated lateral movement to ransomware deployment NotPetya style.
The thing that saved companies here was that the threat actor was an incompetent crypto boy, nothing more.
-
I cannot tell you how many security incidents I’ve worked at orgs on critical national infrastructure over the years where the threat actor got access and *mind boggles* deployed coin miners.
No really, I don’t think I can tell you, I’d get sued.
-
Around ten years ago, one of the FreeBSD developers had an SSH key compromised. This key gave access to the machine with our Subversion server on it. And, due to how svn worked, every user had write access to the directory containing the repo.
Subversion does not have any way of doing integrity checks, so the recovery process involved (via a script) checking out each revision in turn, then doing the same with a git mirror, and validating that they were the same.
Audit logs showed that the attacker had logged in, tried running a few Linux commands, got error messages, and logged out. We were incredibly fortunate that they didn’t do anything more serious.
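The cross-check described in this post, as an added example rather than the script FreeBSD actually used: every Subversion revision is exported and compared file by file against the matching commit in a git mirror. It assumes a git-svn style mirror whose commit messages carry a `git-svn-id: …@REV` trailer, and that `svn`, `git` and `tar` are on PATH; `demo()` runs the comparison step alone on two constructed trees.

```python
"""Revision-by-revision cross-check of an svn repository against a git mirror."""
import hashlib
import os
import subprocess
import tempfile
from pathlib import Path


def tree_digest(root):
    """Map each file (relative to root) to the SHA-256 of its content.
    VCS metadata directories are skipped; empty dirs and symlinks are ignored."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not any(p in (".svn", ".git") for p in path.parts):
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_trees(a, b):
    """Return the sorted paths that differ: present on one side only, or content mismatch."""
    da, db = tree_digest(a), tree_digest(b)
    return sorted(p for p in set(da) | set(db) if da.get(p) != db.get(p))


def git_commit_for_svn_rev(git_dir, rev):
    """Find the mirror commit whose git-svn-id trailer names revision `rev` (assumed format)."""
    out = subprocess.run(["git", "-C", git_dir, "log", "--all", "--format=%H",
                          f"--grep=git-svn-id: .*@{rev} "],
                         capture_output=True, text=True, check=True).stdout.split()
    return out[0] if out else None


def verify_revision(svn_url, rev, git_dir):
    """Export r`rev` from svn and the matching git commit; return the differing paths."""
    commit = git_commit_for_svn_rev(git_dir, rev)
    if commit is None:
        return [f"<no git commit found for r{rev}>"]
    with tempfile.TemporaryDirectory() as tmp:
        svn_out, git_out = os.path.join(tmp, "svn"), os.path.join(tmp, "git")
        subprocess.run(["svn", "export", "-q", "-r", str(rev), svn_url, svn_out], check=True)
        os.makedirs(git_out)
        archive = subprocess.run(["git", "-C", git_dir, "archive", commit],
                                 capture_output=True, check=True).stdout
        subprocess.run(["tar", "-x", "-C", git_out], input=archive, check=True)
        return compare_trees(svn_out, git_out)


def demo():
    """Constructed sample: two trees that agree except for one tampered file."""
    with tempfile.TemporaryDirectory() as tmp:
        for side, body in (("svn", b"int x = 1;\n"), ("git", b"int x = 2;\n")):
            root = Path(tmp, side)
            (root / "lib").mkdir(parents=True)
            (root / "README").write_text("same on both sides\n")
            (root / "lib" / "crypto.c").write_bytes(body)
        return compare_trees(Path(tmp, "svn"), Path(tmp, "git"))
```

Iterating `verify_revision` over `range(1, head + 1)` gives the full sweep; any non-empty result marks a revision whose history diverged between the two systems.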
-
@david_chisnall @GossiTheDog I once investigated a breach of a majorly critical UNIX system that could have killed a multinational company, and found that the guy typed "DIR C:" in the shell he got, tried some more MS-DOS commands in vain, and gave up.