“All you’d need is send one of those emails with an attachment to any of the recipients for a real nice spearphishing attack,” he said. The researcher didn’t test how far the account access could have given him, but warned it could have been easy to pivot onto the network. The researcher shared several screenshots to validate his findings. Emails in the mailbox contained the exact internal network path where drivers and files were stored. “It was a daily release mailbox where automated builds were sent,” said the researcher, who goes by the online handle SchizoDuckie, in a message to TechCrunch. The repo has since been wiped clean, though the GitHub account still exists. The repo in question was owned by an Asus engineer who left the email account’s passwords publicly exposed for at least a year. ![]() One password, found in an employee repo on the code sharing, allowed the researcher to access an email account used by internal developers and engineers to share nightly builds of apps, drivers and tools to computer owners. ![]() Asus was warned of hacking risks months ago, thanks to leaky passwordsĪ security researcher warned Asus two months ago that employees were improperly publishing passwords in their GitHub repositories that could be used to access the company’s corporate network.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |