Vulnerability Management, Patch/Configuration Management, Threat Intelligence

Targeting of PHP vulnerability expands globally

Enabling the encryption may have prevented the recent attack on the PHP Git server.

Attempted exploitation of the already patched critical PHP-CGI remote code execution vulnerability, tracked as CVE-2024-4577, was discovered by GreyNoise researchers to have escalated across the U.S., Japan, Singapore, and other parts of the world in January, according to The Record, a news site by cybersecurity firm Recorded Future..

Such findings, which indicated more widespread exploitation than previously thought, came a day after Cisco Talos disclosed that intrusions leveraging the flaw were primarily targeted at Japanese organizations.

The threat actors behind the predominantly Japan-targeted attack campaign utilized a command-and-control server to launch a slew of malicious tools and frameworks aimed at compromising credentials and ensuring persistence in targeted systems that could portend more significant attacks in the future, said Cisco Talos researchers.

Both reports from GreyNoise and Cisco Talos follow months after the PHP-CGI vulnerability was initially reported by Symantec researchers to have been exploited in an attack against a Taiwanese university just weeks after it was patched.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds