Androxgh0st Continues Exploitation: Operators Compromise a US University For Hosting C2 Logger | CloudSEK (www.cloudsek.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 26 Jun 14:50
https://sh.itjust.works/post/41009053

#cybersecurity

sylver_dragon@lemmy.world on 27 Jun 14:49

The initial access seems to include an Apache CVE from 2019 and a WordPress plugin CVE from 2017. Honestly, UCSD should write a “thank you” letter to Androxgh0st for highlighting their poor patch management, and only using it for C2 in the process, rather than as a beachhead into the network for a full-blown ransomware attack.

If your patch management is this bad, you shouldn’t be allowed to put stuff on the internet.