sylver_dragon@lemmy.world
on 27 Jun 2025 14:49
collapse
The initial access seems to include an Apache CVE from 2019 and a WordPress plugin CVE from 2017. Honestly, UCSD should write a “thank you” letter to Androxgh0st for highlighting their poor patch management, and only using it for C2 in the process. Rather than as a beachhead into the network for a full-blown ransomware attack.
If your patch management is this bad, you shouldn’t be allowed to put stuff on the internet.
threaded - newest
The initial access seems to include an Apache CVE from 2019 and a WordPress plugin CVE from 2017. Honestly, UCSD should write a “thank you” letter to Androxgh0st for highlighting their poor patch management, and only using it for C2 in the process. Rather than as a beachhead into the network for a full-blown ransomware attack.
If your patch management is this bad, you shouldn’t be allowed to put stuff on the internet.