|
|
|
|
|
|
by Someone
1906 days ago
|
|
|
“Not quite”? We’re talking about the Ubiquiti discussed in https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-b..., are we? If so, and if that whistleblower is right, “attacker(s) had access to privileged credentials that were previously stored in the LastPass account of a Ubiquiti IT employee, and gained root administrator access to all Ubiquiti AWS accounts, including all S3 data buckets, all application logs, all databases, all user database credentials, and secrets required to forge single sign-on (SSO) cookies.” |
|
|