Comment on OpenClaw instances open to the internet present ripe targets
CombatWombatEsq@lemmy.world 2 days ago
This excerpt is the most astonishing to me:
STRIKE also mentioned 12,812 OpenClaw instances it discovered being vulnerable to an established and already patched remote code execution bug. As of this writing, the number of RCE-vulnerable instances has jumped to more than 50,000. The number of instances detected that were linked to previously reported breaches (not necessarily related) has also skyrocketed from 549 to over 53,000, as has the number of internet-facing OpenClaw instances associated with known threat actor IPs.
You’re telling me there’s a patch for an RCE, and the number of affected instances has not only not gone down, it has in fact increased 100x?
borari@lemmy.dbzer0.com 2 days ago
Honestly not surprised. Organizations have patch and vulnerability management procedures, people just run shit until they’re prompted to update, and if they git cloned they’ll probably never be prompted.
CombatWombatEsq@lemmy.world 1 day ago
Right, but why would that lead to the number increasing? If there’s a fix on main, new clones wouldn’t have the vulnerability?
frongt@lemmy.zip 1 day ago
Newly detected. They were probably already there, just not scanned.
borari@lemmy.dbzer0.com 1 day ago
Or not exposed to the internet. Maybe the owner pulled the repo previously, left their weekend project alone for a bit, then came back to it after all this media attention.