You are reading a single comment by @hippy and its replies.
Click here to read the full conversation.
London Fixed Gear and Single-Speed is a community of predominantly fixed gear and single-speed cyclists in and around London, UK.
This site is supported almost exclusively by donations. Please consider donating a small amount regularly.
hippy
small
Unsurprisingly the Ubiquiti breach was way worse than they originally reported because, you know, stock price:
https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
Includes some gems such as:-
"
... the attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.
'Adam' says Ubiquiti’s security team picked up signals in late December 2020 that someone with administrative access had set up several Linux virtual machines that weren’t accounted for.
"