Security News > 2024 > June > TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems.
TellYouThePass ransomware is known for quickly jumping on public exploits for vulnerabilities with a wide impact.
In the latest attacks spotted by researchers at cybersecurity company Imperva, TellYouThePass exploits the critical-severity CVE-2024-4577 bug to execute arbitrary PHP code, using the Windows mshta.
CVE-2024-4577 is a critical RCE vulnerability that impacts all PHP versions since 5.x. It stems from unsafe character encoding conversions on Windows when used in CGI mode.
According to a report from Censys yesterday, there are more than 450,000 exposed PHP servers that could be vulnerable to the CVE-2024-4577 RCE vulnerability, most of them located in the United States and Germany.
PHP fixes critical RCE flaw impacting all versions for Windows.
News URL
Related news
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- RedCurl cyberspies create ransomware to encrypt Hyper-V servers (source)
- UK fines software provider £3.07 million for 2022 ransomware breach (source)
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
- Retail giant Sam’s Club investigates Clop ransomware breach claims (source)
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Port of Seattle says ransomware breach impacts 90,000 people (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-09 | CVE-2024-4577 | OS Command Injection vulnerability in multiple products In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. | 9.8 |