New ask Hacker News story: Ask HN: Who else got pwned by the Next.js RCE?

Ask HN: Who else got pwned by the Next.js RCE?
4 by whycombinetor | 0 comments on Hacker News.
I'm a little embarrassed, but not sure what I could have done differently other than reading the Saturday email from GCP with the nondescript subject "New Advisory Notification". Ten hours later, GCP instance suspended due to crypto mining. Now looking at the disk image, it installed something at ~/nxt/ , installed a monero miner at ~/c3pool/ , and added several systemctl services to run these on startup. BRB, killing this machine with fire... This makes me think I should be running everything in Docker, even simple small stuff that "shouldn't" have any potential security issues. Fortunately this machine wasn't anything important for me and there was no sensitive data to exfil beyond AI API keys. But I imagine there's other orgs that just got catastrophically, irrecoverably pwned. What's your story? (RCE context: https://ift.tt/Cj5qU9E )

Comments

Post a Comment

Popular posts from this blog

How can Utilize Call Center Outsourcing for Increase your Business Income well?

Image
Call center outsourcing is not uncommon however, not every company can live up to the expectations of a great client. The service provider should have the ability to assist you obtain access to new abilities and competences in order to help you achieve efficiency and effectiveness in your company. Digital office providers assist business in providing unique, innovative solutions that are intended to custom-fit your personal small business needs. Some back office service providers also have fully-developed outbound calling and telemarketing services that you can utilize. The world has taken a huge leap with the technological revolution. What was impossible before now seems to be a matter of seconds. As we see more and more start-ups and digital companies emerging, we need to understand how we can account the rising number of BPO companies that can be helpful to us. Running a call center internally may be an expensive affair particularly when it...
Read more

New ask Hacker News story: EVM-UI – visual tool to interact with EVM-based smart contracts

EVM-UI – visual tool to interact with EVM-based smart contracts 21 by magnusgraviti | 8 comments on Hacker News. Hey HN! We've built https://evm-ui.com, a free tool that allows you to interact with smart contracts visually. It started as an internal project while building Web3 apps for clients — we needed something more flexible and lightweight than Remix or Etherscan's UI. Unlike Etherscan or Polygonscan, you don't need to verify and open-source your smart contract to get a working UI. Paste the ABI (or load it from a template) and proceed. With EVM-UI, you can - Import contracts by address + ABI, or paste ABIs directly - Read/write functions with auto-generated UI (supports all Solidity types, including arrays) - Execute actions with smart inputs (dropdowns, min/max helpers, etc.) - Switch between EVM chains, testnets, or local RPCs within one workspace - Use developer tools (Keccak256, ABI encoder/decoder, address utils) - Share environments with your team and your cl...
Read more

New ask Hacker News story: Ask HN: Should I quit my startup journey for now?

Ask HN: Should I quit my startup journey for now? 2 by lkuebler | 4 comments on Hacker News. One year ago I started as an intern at a start-up. Things evolved and we are now a team of two-founders and one developer (me). We are running out of money and so my bosses chose to not pay themselves and myself a salary. What can I do to get reimbursed for my work at the startup? Currently there's not much work for me but if the other two guys manage to close the ongoing funding round in approx. 3 months they want to hire me full-time. Can I demand equity from them in advance to assure my piece of the cake once the money has arrived? The answer they gave me to this was they would give me the shares once the round is closed. But this is only good for them, not for me. Right? I am very new to start-up things and really don't know how to act. Feel free to share your experiences with getting shares as one of the first employees in a start-up.
Read more