I think something that should have been in the title is that the breach was faci... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		skarz on Feb 28, 2023 \| parent \| context \| favorite \| on: LastPass says DevOps engineer’s hacked computer le... I think something that should have been in the title is that the breach was facilitated by a vulnerability in an application that many users here might have, Plex. They don’t speak on the nature of the vulnerability in that application. Has it been addressed and fixed through security patches already, or is Plex still potentially dangerous right now?

q1w2 on Feb 28, 2023 [–]

Plex devs commented in Reddit that this is the first they've heard of it and haven't identified any RCE, let alone patched anything.

So if you're running a Plex server, you should disable public access immediately.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact