Don’t you think that this “security researcher” should be held accountable for his behavior?
Only because of his irresponsible publication of an attack script on Cyberpanel 22,000 servers were destroyed.
Can’t he be prosecuted? And sue him for damages?
If we all do that to him, then he could be in big trouble.
Does anyone know the name and address where he can be reported?
The problem from my point of view is a “security researcher” who found a BUG and it was good for his ego to publish this bug without the Cyberpanel developers having enough time to close this bug and warn the community.
And why this idiot (sorry for the choice of words) then publishes a ready-made script in his blog with which any idiot can immediately take over servers - I don’t know.
I’m very angry with this guy, because the drama with more than 22,000 destroyed servers is entirely his responsibility. I hope he is held (legally) accountable. At least in our country, attacking computer systems is a punishable offense and what this idiot did is more than just aiding and abetting. He should be put in prison and the key thrown away!
It is not directly his fault, read the comments of his post.
Cyberpanel gave him permission to disclose the vulnerability!
If you want to charge or sue someone, it is cyberpanel.
They did know about this at least since 23 Oct and did not use all their channels to inform all users about this critical Vulnerability and that everyone has to upgrade asap!
Cyberpanel is still flooding their blog with random posts instead of pinning the important security notifications and so on.
It looks like, they did not learn from this incident!
I don’t care about the comments! It would have been ok if he described the bug but this IDIOT published a ready to run attack script At that moment he went from “security researcher” to accomplice of the perpetrators in my eyes. Let’s report him!
The operator of the website dreyand.rs is known under the pseudonym “DreyAnd”. On his GitHub profile, he states his location as Serbia. GitHub On October 27, 2024, he published an article on his blog entitled “What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE”, in which he describes a security vulnerability in CyberPanel version 2.3.6. DreyAnd If you wish to take legal action against him, you should contact the relevant law enforcement authorities in Serbia. However, as “DreyAnd” operates under a pseudonym, it may be difficult to establish his real identity without further investigation. It would be advisable to consult a lawyer who specializes in international criminal law to determine the best course of action.
In Serbia, the Cybercrime Department of the Ministry of the Interior is responsible for combating cybercrime. This department is responsible for the investigation and prosecution of criminal offenses in the field of information technology. To contact them or to file a complaint, you can visit the official website of the Serbian Ministry of Interior: Cybercrime.rs . There you will find further information and contact details. In addition, there is the Special Prosecutor’s Office for High-Tech Crime, which specializes in the prosecution of cybercrime. Further information can be found on the website of the public prosecutor’s office: Cybercrime.rs . It is recommended to provide all relevant evidence and information to support the investigation.
Yes because Cyberpanel allowed him and did not inform you about this issue!
Others also did not get a notification by cyberpanel.
Even if he had wait some more days, it would have hit you and others since there were no notifications!
You can try, but I think you won’t have any chance, since he got the permission by Cyberpanel to disclose the exploit.
Good luck in wasting money for this.
Nice of you to defend the idiot. No, as I said, he didn’t just publish the issue, but a ready-made attack script. That’s the difference. He didn’t show a blueprint, he put a finished weapon into circulation. It doesn’t matter whether Cyberpanel allowed him to report on the issue. Money is being destroyed wherever 22,000 admins are fighting for their servers and data and some are even prepared to pay a ransom. And doubts about DreyAnd arise at the latest when you see on the Internet that it is an 18-year-old Serb who calls himself a HACKER:
Why are you defending him? He’s responsible for everything. You’d think you were connected to him. I think all those affected should file a complaint with the Serbian public prosecutor’s office. That’s free of charge for a start. If they receive enough complaints, they will take action. Such people should be stopped! And if he is found guilty, then it’s time for compensation claims
HE PUBLISHED THE EXPLOITS not exploit but EXPLOITS due to lazy and weak security in cyberpanel.
Can you imagine the scenario where these exploits went undocumented and malicious threat actors used it to exploit servers, that’s a more grim situation, isn’t it? How long would that have taken to find and fix?
