Image: Raphael Gaillarde/Contributor, Konstantin Fedorov, Emily Lipstein/Motherboard
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Advertisement
In a recent announcement, Laserfiche disclosed that file upload vulnerability publicly. Edwards believes this was the vulnerability responsible for the uploads on government sites."The vulnerability described here in this advisory is being exploited in a way where an unauthenticated third party can use Laserfiche Forms to temporarily host uploaded files for distribution," the Laserfiche announcement reads. Laserfiche has released various security updates, some of which reduced the window of time where an uploaded file can be shared to five minutes. The company told Motherboard the patches are for major versions of Laserfiche software released in the last five years.Do you know about any compromises of government or military sites? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.
Advertisement