4/10/2023 0 Comments Nessus crackedOn the filesystem, we discovered an RSA key and a Linux service file containing a connection string. ![]() From there, we were able to explore the filesystem of the VM image. VPNOverview’s security team downloaded the VM image and mounted the filesystem, bypassing the passwords associated with the machine. No customer data was exposed during the course of this investigation. ![]() The key allowed us to log in to a workstation and access sensitive information. Our team could enter Moss Adams’ corporate cloud using an RSA key from the VM’s filesystem. We disclosed the breach on April 15, and Moss Adams secured their cloud network shortly afterward. VPNOverview’s security team in April discovered an improperly stored virtual machine (VM) image that belongs to Moss Adams, one of the largest public accounting firms in the U.S.Īccess to the image, which was stored in a publicly accessible Amazon Web Services S3 bucket, did not require a password.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |