July 11, 2024 at 01:54AM Multiple threat actors are exploiting a recently disclosed security flaw in PHP (CVE-2024-4577) to deliver remote access trojans, cryptocurrency miners, and DDoS botnets. Users are advised to update their PHP installations. Additionally, DDoS attacks increased 20% year-over-year, with China being the most targeted country. Follow for more exclusive content. Based … Read more
June 12, 2024 at 11:50AM TellYouThePass, a ransomware group, is targeting businesses and individuals using open source Web development languages, exploiting a critical PHP vulnerability (CVE-2024-4577) for remote code execution. This allows them to execute arbitrary code on vulnerable servers, posing significant risks. They also use various attack techniques and exploit known vulnerabilities such as … Read more
June 12, 2024 at 05:06AM Cybersecurity firm Imperva reports the exploitation of a recent PHP vulnerability, CVE-2024-4577, in ransomware attacks just days after its public disclosure. The bug impacts Windows servers using Apache and PHP-CGI and was addressed with the release of PHP versions 8.1.29, 8.2.20, and 8.3.8. The TellYouThePass ransomware gang was observed exploiting … Read more
June 11, 2024 at 10:28AM TellYouThePass ransomware gang has swiftly exploited the critical CVE-2024-4577 vulnerability in PHP, despite a recent patch. Using publicly available exploit code, they deploy webshells and execute an encryptor payload. By injecting a ransomware variant into memory, they demand 0.1 BTC for decryption. Over 450,000 exposed PHP servers could be vulnerable. … Read more
June 7, 2024 at 10:39AM A new PHP RCE vulnerability, CVE-2024-4577, impacts Windows PHP versions since 5.x. With a patch released, updating large-scale deployments poses challenges, leaving systems vulnerable. Exploiting ‘Best-Fit’ encoding on Windows, it bypasses prior protections. Mitigations include upgrading to patched versions, applying mod_rewrite rules, or migrating from CGI to FastCGI, PHP-FPM, or … Read more
May 14, 2024 at 08:30AM Cacti network monitoring framework has addressed a dozen security flaws, including critical vulnerabilities like arbitrary code execution via file write and command injection. These flaws impact all versions prior to 1.2.26 and have been fixed in version 1.2.27. Users are advised to update to the latest version promptly to mitigate … Read more
February 22, 2024 at 10:51AM Turla, a Russian state-sponsored threat actor, has deployed a new backdoor called TinyTurla-NG in recent attacks on NGOs in Poland. The malware, an evolution of TinyTurla, was first used in December 2023 and is designed for implant administration and file management. Turla also deployed other tools in this attack. From … Read more