Thinking of Crypto-Mining on Your Selenium Grid? Review These Considerations
Hacker News reported a hacker campaign targeting older versions of Selenium (3.141.59 and prior). The attack allows malicious users to run XMRig crypto-miners on in-house Selenium grids, potentially leading to significant charges on cloud accounts if undetected. Security firm Wiz discovered the vulnerability affecting more than 30,000 instances of Selenium. Upgrading to the latest version and ensuring proper firewall configurations are recommended remedies. Sauce Labs customers are not exposed to this issue as they must authenticate to the platform, which prevents unauthorized access.
Company
Sauce Labs
Date published
Aug. 1, 2024
Author(s)
Tim Johnson (he/him/his)
Word count
565
Language
English
Hacker News points
None found.