1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • FBI warns criminals are building a dangerous new botnet and it's

    From TechnologyDaily@1337:1/100 to All on Wed Jan 17 16:15:05 2024
    FBI warns criminals are building a dangerous new botnet and it's after your Microsoft or AWS logins and more

    Date:
    Wed, 17 Jan 2024 16:06:23 +0000

    Description:
    Hackers are using Androxgh0st to steal Microsoft and AWS credentials and
    mount phishing and spam campaigns.

    FULL STORY ======================================================================

    Hackers are building a dangerous new botnet and are going after Microsoft and AWS assets in the process, a new security advisory released by the FBI and
    the Cybersecurity and Infrastructure Security Agency (CISA) has warned.

    According to the advisory, researchers have spotted threat actors using the Androxgh0st malware to compromise computers and servers.

    They were seen scanning endpoints for three remote code execution vulnerabilities: CVE-2017-9841, CVE-2021-41773, and CVE-2018-15133. By leveraging these flaws, the attackers would use Androxgh0st to grab .env
    files that contain sensitive data, including (among others) login credentials for AWS and MIcrosoft assets. Mitigating the threat

    Androxgh0st is capable of more than just compromising vulnerable devices and stealing login credentials. It can also abuse the Simple Mail Protocol (SMTP) and check to see the sending limit for the email accounts found on the breached computers. If the limit is satisfactory, the malware can be used to mount phishing and spam campaigns.

    Furthermore, hackers can use the access to Microsoft and AWS assets to create fake pages on compromised websites, which further grants them backdoor access to databases with sensitive information.

    To remain secure, the FBI and CISA say, organizations should make sure their operating systems, software, and firmware are all updated. Making sure their Apache servers aren't running versions 2.4.49 or 2.4.50 was stressed as pivotal. Furthermore, they should make sure the default configuration for all URIs is to deny all requests, unless theres a specific need for it to be accessible. Also, Laravel applications should not be in debug or testing
    mode, and cloud credentials should not be present in .env files.

    The full list of the recommendations can be found on this BleepingComputer link .

    CVE-2018-15133, described as Laravel deserialization of untrusted data vulnerability, was added to CISAs Known Exploited Vulnerabilities (KEV) catalog as being actively exploited. More from TechRadar Pro Botnet activity surges as criminals get braver - can your business stand strong? Here's a
    list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/fbi-warns-criminals-are-building-a-dang erous-new-botnet-and-its-after-your-microsoft-or-aws-logins-and-more


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)