GNU social JP
GNU social JP is a Japanese GNU social server.
    JayeLTee (jayeltee@infosec.exchange)'s status on Friday, 21-Mar-2025 21:37:05 JST

    Dealing with something ridiculous at the moment that is a great example of just how 'easy' it really is to close down exposed data:

    Found a server recently with no access controls at all that was hit by ransomware in May 2024 and most of the data is encrypted. (It got hit by an automated script, it wasn't targeted by a ransom group)

    Found a non-encrypted directory:

    The company is STILL uploading, monthly, hundreds of millions of records of logs with their clients' data.

    Tried to reach out to the company, nothing. Company is from AUS so I tried ASD, nothing.

    I sent an email to AUSCERT, they validated with me the issue and forwarded the information and my contact to ASD, they also tried to reach out to the company themselves.

    Not a word from anyone and the server is still exposed a month after my initial alerts.

    Logs are still being uploaded to the server so it's obvious no one did anything.

    So what am I supposed to do here?

    #cybersecurity #infosec #ransomware #asd #australia

    GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

    All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.