---

告白される覚悟を決めるマケイン八奈見杏菜＋α模写集。

＃マケイン　＃八奈見杏菜

---

印度杀毒软件 eScan 更新基础设施被用来投毒，黑客入侵其更新服务器并通过 eScan 更新机制向客户投放恶意载荷。问题是被攻击后 eScan 自己还没发现，还是其他同行公司发现异常后进行通报才阻断攻击，由于病毒还会修改 hosts 文件阻断 eScan 更新，因此客户只能联系其支持工程师手动排查：https://www.landiannews.com/archives/111725.html?utm_source=x.com&utm_medium=social&utm_campaign=杀毒软件被劫持用来投毒+印度杀毒软件eScan更新基础设施被黑用于投毒

---

#CloudCone 被黑事件：你以为他们很专业，其实都是业余玩家，甚至在工单中提交明文root密码。根据Virtualizor的回复，攻击源头在于Virtualizor工单被黑，里面有1500个工单被查看，部分工单包含VPS提供商提交的明文 root 密码，且长期不更换暴露的密码，还没设置白名单访问：ourl.co/111724?x

---

Virtualizor has released the technical details regarding the recent wave of attacks on Cloudcone, HostSlick, and others. The breach was not a direct software exploit, but a session hijacking attack on their support ticket system.

Attackers gained access to approximately 1,500 tickets where providers had carelessly sent plain-text root credentials via email instead of using secure forms.

The compromised providers were vulnerable because they failed to rotate these passwords after support cases were resolved - some credentials were over a year old - and did not have IP whitelisting enabled for their Admin Panels or SSH.

Virtualizor is urging all admins to immediately rotate any root passwords previously shared in tickets and to restrict Admin Panel access to trusted IPs only.

Source: Hosteroid on LET

---

Them 😭

---

マケイン落書き２ | JUDD #pixiv pixiv.net/artworks/140685542