An undisclosed number of user-hosted Emby media server instances compromised with a malicious plugin in recent attacks have been shut down, reports BleepingComputer.
Internet-exposed private Emby servers have been targeted since mid-May, with threat actors exploiting a known proxy header security flaw to obtain access to admin servers and later deploy a plugin meant to exfiltrate all user credentials on hacked servers, according to Emby.
"After careful analysis and evaluation of possible strategies for mitigation, the Emby team was able to push out an update to Emby Server instances which is able to detect the plugin in question and prevents it from being loaded. Due to the severity and the nature of this situation and in an abundance of caution we are preventing affected servers to start up again after the detection," noted Emby, which also recommended that administrators immediately remove the helper.dll or EmbyHelper.dll files and add the "emmm.spxaebjhxtmddsri.xyz 127.0.0.1" line to their hosts file to keep the malware from reaching the threat actors' server.
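
The two checks Emby recommends can be scripted for a server you administer. The following is an added example, not code from Emby or BleepingComputer. It assumes the caller supplies the directory to scan (the article gives no plugin path) and treats 127.0.0.1, ::1 and 0.0.0.0 as sinkhole addresses. Standard hosts-file syntax puts the address first, so the parser only counts entries written that way.

```python
import os
import tempfile

# Indicators named in the article above.
PLUGIN_FILES = {"helper.dll", "embyhelper.dll"}
C2_HOST = "emmm.spxaebjhxtmddsri.xyz"
# Assumption: addresses accepted as a sinkhole for the purposes of this check.
SINK_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}

def find_plugin_files(root):
    """Return paths under root whose file name matches an indicator (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() in PLUGIN_FILES]
    return sorted(hits)

def host_is_sinkholed(hosts_text, host=C2_HOST):
    """True if an active hosts entry maps host to a sinkhole address.

    hosts syntax: address first, then one or more names; '#' starts a comment.
    """
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINK_ADDRS:
            if host in (name.lower() for name in fields[1:]):
                return True
    return False

def audit(scan_root, hosts_text):
    """Combine both checks into one report for a single server."""
    return {"plugin_files": find_plugin_files(scan_root),
            "sinkholed": host_is_sinkholed(hosts_text)}

if __name__ == "__main__":
    # Constructed sample: a temp directory standing in for an Emby data folder,
    # and a hosts file in which the sinkhole entry is commented out.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "plugins"))
        open(os.path.join(root, "plugins", "EmbyHelper.dll"), "wb").close()
        open(os.path.join(root, "plugins", "Unrelated.dll"), "wb").close()
        sample_hosts = "127.0.0.1 localhost\n# 127.0.0.1 " + C2_HOST + "\n"
        print(audit(root, sample_hosts))
```

On a real server, pass the Emby data directory and the contents of the system hosts file to `audit`; any entry in `plugin_files` or a `sinkholed` value of `False` means the recommended cleanup is incomplete.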