The Download
The web scripting PHP vulnerability CVE-2024-4577 disclosed in June 2024 is now being actively exploited by ransomware gang TellYouThePass after proof of concept (PoC) exploit script was released by security researchers from watchTowr. Shadowserver warned earlier this month that this remote code execution vulnerability was likely to be exploited given its wide prevalence on web sites. Security firm Imperva says TellYouThePass has used the PoC code to execute arbitrary PHP commands on the system, which in turn, is used to run malicious VBscript to launch the ransomware.
What You Can Do
We can't say we weren't warned by the Shadowserver researchers. The PHP web application vulnerability allows an attacker to run arbitrary code on your web server putting it at risk. The ransomware gang got the memo and the code. So what can you do? This one is simple: scan and pen test your web server for the vulnerability, and if present, upgrade your PHP distribution.
To Learn More: