My Shared Links — Week 38/2022

Xavier «X» Santolaria
Sep 26, 2022

Collection of the resources and links I have found insightful and shared during week #38 of 2022.

AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes

Before it was patched, AttachMe could have allowed attackers to access and modify any other users’ OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer action was required.

Over 39,000 Unauthenticated Redis Instances Found Exposed on the Internet

Stop believing that because it works and meets technical requirements, it’s OK and secure by default.

An unknown attacker targeted over 39,000 unauthenticated Redis servers exposed on the internet in an attempt to install a cryptocurrency miner.