
Massive Breach: 1,200 Emby Servers Compromised with Malicious Plugin Stealing Credentials


By Esme Greene

Aug 9, 2023

The media server software provider Emby has disclosed that it remotely shut down some of its users’ servers that were hacked as a result of an acknowledged flaw and an unsafe administrator account configuration.

Emby Breach: Malicious Plugin & Exploited Vulnerability

In response to the breach, Emby has added a message to the log files of affected servers, notifying users that a malicious plugin was discovered on their systems, likely installed without their knowledge. As a precautionary security measure, the company has disabled the affected Emby servers.

Emby has not disclosed the precise number of compromised servers, but one of the company’s engineers wrote a message in the Emby forum with the subject “How We Destroyed a Botnet of 1,200 Hacked Emby Servers in 60 Seconds,” highlighting the seriousness of the situation.

The attack campaign began earlier this month, with the hackers specifically targeting privately hosted Emby servers that were accessible over the Internet. They focused on servers that allowed password-free administrator access from the local network.

To reach these servers from outside the network, the attackers leveraged a “proxy header vulnerability.” This allowed them to deceive the servers into behaving as if the connection originated from the local network, granting unauthorized administrator access without requiring a password. The vulnerability, known since February 2020, has recently been patched in the Emby software beta channel.
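The class of flaw described above, as an added illustration that is not Emby’s code: a server that decides “is this request local?” from a forwarded-address header it accepts from any peer can be told it is on the LAN by anyone; the hardened check only honours that header when the TCP peer is a known reverse proxy. The header name (X-Forwarded-For), the trusted-proxy address and the network ranges are assumptions for this example.

```python
# Added example, not Emby's code. Shows the weak and the hardened way to derive
# the client address behind a reverse proxy. Header name, proxy address and
# network ranges are assumptions chosen for illustration.
import ipaddress

# Constructed: the single reverse proxy this deployment actually runs.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
# Constructed: ranges the server treats as "local network".
LOCAL_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_local_address(addr):
    """True if addr falls inside one of the local network ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETWORKS)


def client_ip_naive(peer_addr, headers):
    """Weak: believes X-Forwarded-For no matter who the TCP peer is, so any
    remote client can claim a LAN address simply by sending the header."""
    forwarded = headers.get("X-Forwarded-For")
    if forwarded:
        return forwarded.split(",")[0].strip()
    return peer_addr


def client_ip_hardened(peer_addr, headers):
    """Hardened: only trusts the header when the peer is our own proxy, and
    then takes the rightmost entry, which is the one that proxy appended;
    entries to its left are client-controlled and ignored."""
    forwarded = headers.get("X-Forwarded-For")
    if forwarded and ipaddress.ip_address(peer_addr) in TRUSTED_PROXIES:
        return forwarded.split(",")[-1].strip()
    return peer_addr


def passwordless_admin_allowed(peer_addr, headers, hardened=True):
    """The access decision that the flaw turns on: local clients get
    password-free admin. Returns True only for genuinely local clients
    when hardened=True."""
    resolve = client_ip_hardened if hardened else client_ip_naive
    return is_local_address(resolve(peer_addr, headers))
```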

By exploiting this vulnerability, the attackers succeeded in installing malicious plugins on the compromised servers. These plugins were designed primarily to harvest the login credentials of anyone signing in to the compromised servers.

Emby Security Measures

Emby’s security team conducted a thorough analysis and devised strategies to address the situation. They have released an update for Emby’s servers, enabling them to detect the malicious plugin and prevent it from being downloaded.

Emby took preventative action by actively shutting down the impacted servers. This was done to stop the malicious plugin from functioning, to keep the problem from getting worse, and to ensure that the affected administrators took notice of the compromise.
