FULL DISCLOSURE: May 2023 Security Incident Report
As promised before, here's our final report, detailing the events and measures taken around the security incident and attack on Emby Server installations in May 2023:
Emby Malware Incident Report 2023-05.pdf
I hope, this will help to address remaining questions. We don't have all answers about origin, background and intentions of the attackers, but we tried to transparently document what we did when and how and why.
softworkz
Yep, aware of that - as per my post, I had already installed Scripter-X for other duties (producing dedicated activity logs) and the plugin also has a questionable function of deploying 'packages' from a remote site that may also have been compromised as part of the incident - at that point in time (working with @softworkzbefore it was publicaly released as an incident) - it was wise to remove all forms of potential entry/risk. None of my systems were ever compromised - this was all preventati