PHP fixes critical RCE flaw impacting all versions for Windows

June 7, 2024 at 10:39AM A new PHP RCE vulnerability, CVE-2024-4577, impacts Windows PHP versions since 5.x. A patch has been released, but updating large-scale deployments poses challenges, leaving systems vulnerable. The flaw exploits ‘Best-Fit’ encoding on Windows to bypass prior protections. Mitigations include upgrading to patched versions, applying mod_rewrite rules, or migrating from CGI to FastCGI, PHP-FPM, or …

KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers

February 14, 2024 at 08:03AM Researchers have discovered a new DNS vulnerability, named KeyTrap or CVE-2023-50387. The flaw in DNSSEC could allow attackers to disrupt large parts of the internet using a single specially crafted DNS packet. While patches are being released, prevention may require changes to the underlying DNSSEC design. The …

Patch Now: APTs Continue to Pummel WinRAR Bug

October 19, 2023 at 11:05AM State-sponsored threat actors from Russia and China are exploiting the WinRAR vulnerability in unpatched systems to deliver malware. Google TAG has observed attacks targeting organizations in Ukraine and Papua New Guinea. The flaw is a known vulnerability in WinRAR, but many systems remain vulnerable. Patching remains a global challenge for …