Friday, October 22, 2021

Web host Epik was warned of a critical website bug weeks before it was hacked – TechCrunch

Hackers associated with the hacktivist collective Anonymous say they have leaked gigabytes of data from Epik, a web host and domain registrar that serves far-right sites such as Gab, Parler, and 8chan, which found refuge with Epik after they were booted from the main platforms.

In a declaration attached to a torrent file of the data downloaded this week, the group said the 180 gigabytes equates to a “decade” of company data, including “everything that is needed to track actual ownership and management” of the company. The group claimed to have customer payment histories, purchases and transfers of domains, passwords, credentials and employee mailboxes. The stolen data cache also contains files from the company’s internal web servers and databases that contain customer records for domains that are registered with Epik.

The hackers did not say how they obtained the breached data or when the attack took place, but timestamps in the most recent files suggest that the attack likely occurred in late February.

Epik initially told reporters that it was unaware of a breach, but an email sent by founder and CEO Robert Monster on Wednesday alerted users to a “suspected security incident.”

TechCrunch has since learned that Epik was warned of a critical security flaw weeks before its breach.

Security researcher Corben Leo contacted Epik CEO Monster via LinkedIn in January about a security vulnerability on the web host’s website. Leo asked if the company had a bug bounty or a way to report the vulnerability. LinkedIn showed that Monster had read the message but did not respond.

Leo told TechCrunch that a library used on Epik’s WHOIS page to generate PDF reports from public domain records had a decade-old vulnerability that allowed anyone to remotely execute code directly on the internal server without any authentication, such as a company password.

“You could paste this [line of code] there and run any command on their servers,” Leo told TechCrunch.

Leo ran a proof-of-concept command from the public WHOIS page to ask the server to display his username, which confirmed that the code could run on Epik’s internal server, but did not test to see what access the server had, as doing so would be illegal.

It is not known whether the Anonymous hacktivists used the same vulnerability that Leo discovered. (Part of the stolen cache also includes folders related to Epik’s WHOIS system, but the hacktivists did not leave contact information and could not be reached for comment.) But Leo argues that if a hacker exploited the same vulnerability and the server had access to other servers, databases, or systems on the network, that access could have allowed access to the type of data stolen from Epik’s internal network in February.

“I really guess that’s how they got owned,” Leo told TechCrunch, confirming that the flaw has since been fixed.

Monster confirmed that he received the message from Leo on LinkedIn, but did not answer our questions about the breach or say when the vulnerability was fixed. “We have bounty hunters who offer their services. I probably thought it was one of those,” Monster said. “I’m not sure if I did. Do you respond to all your LinkedIn spam?”
