Security News > 2024 > July > PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks
The vulnerability in question is CVE-2024-4577, which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales.
The disclosure comes as Cloudflare said it recorded a 20% year-over-year increase in DDoS attacks in the second quarter of 2024, and that it mitigated 8.5 million DDoS attacks during the first six months.
In comparison, the company blocked 14 million DDoS attacks for the entirety of 2023.
"Overall, the number of DDoS attacks in Q2 decreased by 11% quarter-over-quarter, but increased 20% year-over-year," researchers Omer Yoachimik and Jorge Pacheco said in the DDoS threat report for Q2 2024.
Information technology and services, telecom, consumer goods, education, construction, and food emerged as the top sectors targeted by DDoS attacks.
"Argentina was ranked as the largest source of DDoS attacks in the second quarter of 2024," the researchers said.
News URL
https://thehackernews.com/2024/07/php-vulnerability-exploited-to-spread.html
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- DDoS attacks reportedly behind DayZ and Arma network outages (source)
- Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- New Eleven11bot botnet infects 86,000 devices for DDoS attacks (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-09 | CVE-2024-4577 | OS Command Injection vulnerability in multiple products In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. | 9.8 |