"Researchers at cybersecurity firm Armis Inc. today said they have uncovered three critical vulnerabilities in APC Smart-UPS that could allow attackers to manipulate the power of millions of enterprises..." https://siliconangle.com/2022/03/08...abilities-expose-millions-businesses-hacking/
APC warns of critical unauthenticated RCE flaws in UPS software - April 24, 2023 https://www.bleepingcomputer.com/ne...al-unauthenticated-rce-flaws-in-ups-software/ Read more there!
It's my understanding that these are the Enterprise-class devices that are remotely managed, not consumer-based devices that sit under your desk.
I get that they are remote managed, but all connections to Enterprise devices should be done over one's private or corporate network. Who was allowed to connect them directly to the public internet where they are exposed to potential adversaries? In the article linked earlier, it was stated: "General security recommendations provided by the vendor include placing mission-critical internet-connected devices behind firewalls, utilizing VPNs for remote access, implementing strict physical access controls". Well, yeah...
You'd be surprised how many people run a data center from home. I'm not defending it, just acknowledging it.
Cool! I suppose if there is really that much low-hanging fruit available, they are not going to come after me, LOL!
That's probably more true than you think it is. As long as 123456 is one of the most common passwords in use, there is plenty of low-hanging fruit. Plus, you just won the Nigerian lottery!!!