/plushcap/analysis/sauce-labs/crypto-mining-on-selenium-grid

Thinking of Crypto-Mining on Your Selenium Grid? Review These Considerations

What's this blog post about?

Hacker News reported a hacker campaign targeting older versions of Selenium (3.141.59 and prior). The attack allows malicious users to run XMRig crypto-miners on in-house Selenium grids, potentially leading to significant charges on cloud accounts if undetected. Security firm Wiz discovered the vulnerability affecting more than 30,000 instances of Selenium. Upgrading to the latest version and ensuring proper firewall configurations are recommended remedies. Sauce Labs customers are not exposed to this issue as they must authenticate to the platform, which prevents unauthorized access.

Company
Sauce Labs

Date published
Aug. 1, 2024

Author(s)
Tim Johnson (he/him/his)

Word count
565

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.