An updated version of the ransomware called Legion comes with expanded features including the ability to compromise SSH servers and Amazon Web Services (AWS) credentials.
It also can exploit SSH servers using the Paramiko module.
Muir warns that misconfigurations in web applications are still the primary method used by Legion to retrieve credentials.
Therefore, it’s recommended that developers and administrators of web applications regularly review access to resources within the applications themselves, and seek alternatives to storing secrets in environment files, he said.
Muir warns about the added capabilities of this new version of Legion, which includes the capability to retrieve additional AWS-specific credentials related to DynamoDB, CloudWatch, and AWS Owl from Laravel web applications.
Misconfigurations as the primary means of obtaining credentials remains the primary mode used by legion.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply