
Widespread exploitation of PHP vulnerability reported

SC Media reports that several threat actors launched attacks exploiting a PHP vulnerability, tracked as CVE-2024-4577, shortly after it was disclosed in late spring.

In addition to using the vulnerability to spread the Gh0st RAT malware and the RedTail cryptominer, the attackers also exploited it to deploy the Muhstik malware, which has cryptomining and distributed denial-of-service attack capabilities, according to a report by Akamai.

Michael Skelton, Vice President of Operations and Hacker Success at Bugcrowd, and Lionel Litty, Chief Security Architect at Menlo Security, have recommended an immediate fix to prevent possible remote command execution on the server side, which could allow complete compromise of the web server and additional exploitation of the systems.

“The level of access they allow can also enable the provision of persistent access, allowing future compromises even after the initial flaw is fixed. While mitigations are available from Akamai and other vendors for temporary protection, these solutions can often be circumvented,” Skelton said.
