AdvisoriesCISAAA24-016AJanuary 16, 2024
January 16, 2024
This joint Cybersecurity Advisory from the FBI and CISA warns of the Androxgh0st malware, which establishes a botnet to exploit known vulnerabilities like CVE-2017-9841 in PHPUnit, CVE-2018-15133 in Laravel, and CVE-2021-41773 in Apache. Androxgh0st targets .env files containing sensitive credentials, uses SMTP for malicious activities, and can execute remote code through exposed Laravel application keys and Apache web servers. Organizations are urged to patch known vulnerabilities, limit internet exposure, and monitor for unauthorized access, especially in services with exposed credentials.
January 16, 2024
The ease of exploitation involved with the PHPUnit vulnerability - a simple request to a specific vulnerable endpoint with basic PHP code execution - underscores the importance of automatic patching. At many organizations, especially larger ones, upgrading software is a manual and time consuming process. Each upgrade carries a certain amount of risk, as the change set may be incompatible with other critical applications on the system. However, it is possible to establish a process of safe automated patching - and setting one up should be a top priority.
Be immediately notified of new advisories and associated security tests
