Found 2 bookmarks
Custom sorting
Grafana security update: no customer impact from GitHub workflow vulnerability
Grafana security update: no customer impact from GitHub workflow vulnerability
On April 26, an unauthorized user exploited a vulnerability with a GitHub workflow to gain unauthorized access to tokens, all of which have now been invalidated. At this time, our investigation has found no evidence of code modifications, unauthorized access to production systems, exposure of customer data, or access to personal information.
#grafana#en#2025#incident#investigation#vulnerability#GitHub#workflow#unauthorized#access#tokens
·grafana.com·
Grafana security update: no customer impact from GitHub workflow vulnerability
Patch or Peril: A Veeam vulnerability incident
Patch or Peril: A Veeam vulnerability incident
Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences. Initial access via FortiGate Firewall SSL VPN using a dormant account Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP. Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation. Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting. * Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.
#group-ib#EN#2024#Veeam#vulnerability#incident#ransomware#FortiGate#NirSoft
·group-ib.com·
Patch or Peril: A Veeam vulnerability incident