TellYouthePass Ransomware Group Exploits Critical PHP Flaw

June 12, 2024 at 11:50AM TellYouThePass, a ransomware group, is targeting businesses and individuals using open source Web development languages, exploiting a critical PHP vulnerability (CVE-2024-4577) for remote code execution. This allows them to execute arbitrary code on vulnerable servers, posing significant risks. They also use various attack techniques and exploit known vulnerabilities such as … Read more

Ransomware Group Exploits PHP Vulnerability Days After Disclosure

June 12, 2024 at 05:06AM Cybersecurity firm Imperva reports the exploitation of a recent PHP vulnerability, CVE-2024-4577, in ransomware attacks just days after its public disclosure. The bug impacts Windows servers using Apache and PHP-CGI and was addressed with the release of PHP versions 8.1.29, 8.2.20, and 8.3.8. The TellYouThePass ransomware gang was observed exploiting … Read more

TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers

June 11, 2024 at 10:28AM TellYouThePass ransomware gang has swiftly exploited the critical CVE-2024-4577 vulnerability in PHP, despite a recent patch. Using publicly available exploit code, they deploy webshells and execute an encryptor payload. By injecting a ransomware variant into memory, they demand 0.1 BTC for decryption. Over 450,000 exposed PHP servers could be vulnerable. … Read more

PHP fixes critical RCE flaw impacting all versions for Windows

June 7, 2024 at 10:39AM A new PHP RCE vulnerability, CVE-2024-4577, impacts Windows PHP versions since 5.x. With a patch released, updating large-scale deployments poses challenges, leaving systems vulnerable. Exploiting ‘Best-Fit’ encoding on Windows, it bypasses prior protections. Mitigations include upgrading to patched versions, applying mod_rewrite rules, or migrating from CGI to FastCGI, PHP-FPM, or … Read more

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

May 14, 2024 at 08:30AM Cacti network monitoring framework has addressed a dozen security flaws, including critical vulnerabilities like arbitrary code execution via file write and command injection. These flaws impact all versions prior to 1.2.26 and have been fixed in version 1.2.27. Users are advised to update to the latest version promptly to mitigate … Read more

Russian Turla Cyberspies Target Polish NGOs With New Backdoor

February 22, 2024 at 10:51AM Turla, a Russian state-sponsored threat actor, has deployed a new backdoor called TinyTurla-NG in recent attacks on NGOs in Poland. The malware, an evolution of TinyTurla, was first used in December 2023 and is designed for implant administration and file management. Turla also deployed other tools in this attack. From … Read more