Hacker News new | past | comments | ask | show | jobs | submit login
New Relic Security Incident – Security Bulletin NR23-01 (newrelic.com)
34 points by belltaco 11 months ago | hide | past | favorite | 10 comments



Does anyone have any _actual_ information about what has happened? This seems like the email was sent out too early - I've got nothing actionable to go off.

> We will continue to provide relevant updates as we have more information to share.

"Continue to provide" implies you've shared something in the first place. This is a placeholder page.

Am I missing something?


Feels like it’s the night before Thanksgiving and none of the right people are on call.


Exactly my thinking. I'd like to know if we need to do anything with the agents we're running.


> To be clear, if you do not hear from us, there is no action you need to take at this time.


From this[1] PR, it seems to be related to "sensitive information in synthetic URLs", as this[2] article was just introduced bundled with the advisory article.

So I assume the security incident is about those who:

> You have a synthetic monitor that contains sensitive information (like passwords or usernames) in a URL or script.

[1] https://github.com/newrelic/docs-website/pull/15307/files

[2] https://docs.newrelic.com/docs/synthetics/synthetic-monitori...


Grok has taken over their entire system and is now sending out fake security bulletins. Only logical explanation. It's like son of Anton all over again.


Well that’s simply a delightful and confidence inspiring message.


We need to bury the news and we weren't ready on Friday (17th) evening; let's do it Wednesday evening, right before Thanksgiving instead.


we received this email - no details


I love how the email "encouraged" us to read their blog. Clicked through to the blog and absolutely zero information is provided. Cool, thanks.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: