Comment by nodesocket
Comment by nodesocket 6 days ago
How are they getting access to the PostgreSQL database, unless this running code can communicate with it? That’s a big red flag, user provided code should always be sandboxed and isolated right?
Comment by nodesocket 6 days ago
How are they getting access to the PostgreSQL database, unless this running code can communicate with it? That’s a big red flag, user provided code should always be sandboxed and isolated right?
Sure, but connections from these worker machines shouldn’t be allowed directly to the database.
The exfiltrated environment variables contained these entries:
``` "POSTGRESQL_DATABASE": "(CENSORED)", "POSTGRESQL_HOST": "(CENSORED)", "POSTGRESQL_PASSWORD": "(CENSORED)", "POSTGRESQL_USER": "(CENSORED)", ```