zlacker

>>itcrow+(OP)
>“Netsential confirmed that this compromise was likely the result of a threat actor who leveraged a compromised Netsential customer user account and the web platform’s upload feature to introduce malicious content, allowing for the exfiltration of other Netsential customer data.”

So they are spinning it as a user's fault? Not the fault of Netsential for allowing malicious content to be a problem...

>>voiper+83
This smells of legacy PHP where any PHP file uploaded to a web-accessible folder can be executed.

>>Nextgr+e7
The article mentions a compromised user account so the attackers were probably able to just upload files directly through the compromised hosting account. Plus what's interesting is they don't mention the server itself being compromised. I'm wondering if this was a permissions issue that allowed the attackers to traverse directories on the server to the other hosted sites.