Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability

December 3, 2024 at 05:58AM
Cisco updated its advisory on the CVE-2014-2120 vulnerability, highlighting ongoing exploitation attempts. This medium-severity XSS flaw affects the WebVPN login page of Cisco ASA products. Customers are urged to upgrade to a patched version. The vulnerability was added to CISA’s Known Exploited Vulnerabilities catalog, prompting immediate action. …

AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials

March 21, 2024 at 09:48AM
Cybersecurity researchers have uncovered AndroxGh0st, a tool used to target and steal sensitive data from Laravel applications. The tool exploits various vulnerabilities, such as CVE-2017-9841, to access and control targeted systems. As cloud environments are increasingly targeted, it’s crucial to keep software updated and monitor for suspicious activity. Krebs on …

CISA: AWS, Microsoft 365 Accounts Under Active ‘Androxgh0st’ Attack

January 17, 2024 at 01:21PM
The FBI and CISA have issued an alert about a malware campaign targeting Apache webservers and websites using the Laravel Web application framework. The campaign aims to steal credentials for high-profile applications such as AWS, Microsoft 365, Twilio, and SendGrid. The threat actors use a known malware called “Androxgh0st” to …

US Gov Issues Warning for Androxgh0st Malware Attacks

January 17, 2024 at 11:36AM
CISA and FBI have issued a joint advisory warning about Androxgh0st malware creating a botnet to target vulnerable networks. The malware primarily targets .env files containing sensitive information for AWS, Microsoft Office 365, SendGrid, and Twilio. It can abuse SMTP for scanning, exploit stolen credentials and APIs, and deploy web …

Feds Warn of AndroxGh0st Botnet Targeting AWS, Azure, and Office 365 Credentials

January 17, 2024 at 06:39AM
CISA and FBI warn of AndroxGh0st malware creating a botnet for victim identification and exploitation. Capable of infiltrating servers with known security flaws, it targets credentials for platforms like AWS and Microsoft Office 365. Features enable SMTP abuse and persistent access to compromised systems. Related tools include FBot and spike …

FBI: Beware of thieves building Androxgh0st botnets using stolen creds

January 16, 2024 at 08:36PM
The FBI and CISA warn that cybercriminals are leveraging old vulnerabilities to deploy Androxgh0st malware, targeting .env files containing user credentials for AWS, Microsoft Office 365, SendGrid, and Twilio. The malware can be used to steal data, execute code remotely, and create new AWS users and instances. Mitigations include updating …

FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials

January 16, 2024 at 12:41PM
CISA and the FBI warn about Androxgh0st malware, which is being used to create a botnet targeting cloud credential theft. The botnet exploits vulnerabilities in frameworks and servers. Additionally, it steals sensitive information, deploys malicious tools, and conducts spam campaigns. The agencies advise on mitigation measures to limit the impact …

Known Indicators of Compromise Associated with Androxgh0st Malware

January 16, 2024 at 10:23AM
The FBI and CISA have issued a joint Cybersecurity Advisory (CSA) outlining indicators of compromise (IOCs) and tactics related to Androxgh0st malware. The advisory includes specific recommendations for mitigating cybersecurity incidents caused by Androxgh0st infections. The malware targets websites using Laravel and Apache HTTP Server, and allows threat actors to …