This. I’ve been hearing panic from the non-security community about Mythos because “zomg z3r0 d4y5!!” since the announcement, but these are the same people running production servers 10 updates and 2 critical security fixes behind for years.
I don’t need cutting-edge AI to take you down. I need Metasploit with a CVE list that’s been updated in the last 6 months.
I once had a freelance gig to upgrade an environment that hadn't been touched in years. One server had a 1500-day uptime and I could find no evidence of any in-place upgrades. They made me watch a bunch of IT security / process videos before starting the project, though. This was a decent-sized organization with hundreds of employees and hundreds of millions in revenue.
My job at a "near unicorn" "we're still a startup 10 years later" was no better. Distros that were no longer updated. Obsolete Python versions. Servers that hadn't been rebooted in years. All environments in a single AWS account. I could go on...