June 7, 2024 at 10:39AM A new PHP RCE vulnerability, CVE-2024-4577, impacts Windows PHP versions since 5.x. With a patch released, updating large-scale deployments poses challenges, leaving systems vulnerable. Exploiting ‘Best-Fit’ encoding on Windows, it bypasses prior protections. Mitigations include upgrading to patched versions, applying mod_rewrite rules, or migrating from CGI to FastCGI, PHP-FPM, or … Read more
February 14, 2024 at 08:03AM A new DNS vulnerability, named KeyTrap or CVE-2023-50387, has been discovered by researchers. The flaw in DNSSEC could potentially allow attackers to disrupt large parts of the internet using a single specially crafted DNS packet. While patches are being released, prevention may require changes to the underlying DNSSEC design. The … Read more
October 19, 2023 at 11:05AM State-sponsored threat actors from Russia and China are exploiting the WinRAR vulnerability in unpatched systems to deliver malware. Google TAG has observed attacks targeting organizations in Ukraine and Papua New Guinea. The flaw is a known vulnerability in WinRAR, but many systems remain vulnerable. Patching remains a global challenge for … Read more