Security researchers revealed that ransomware attackers have swiftly turned a simple-to-exploit PHP programming language vulnerability—which allows malicious code to be executed on web servers—into a weapon.
As of Thursday last week, Censys’ Internet scans had found 1,000 servers infected with the TellYouThePass ransomware strain, down from 1,800 on Monday. The servers, which are largely based in China, no longer display their typical content; instead, many list the site’s file directory, which shows that all files have a.locked extension, indicating that they have been encrypted. The accompanying ransom note demands around $6,500 in exchange for the decryption key.
The vulnerability, identified as CVE-2024-4577 and assigned a severity rating of 9.8 out of 10, results from flaws in PHP’s conversion of Unicode characters to ASCII. Best Fit, a feature integrated into Windows, enables attackers to utilise argument injection to turn user-supplied data into characters that send malicious commands to the main PHP application. Exploits enable attackers to circumvent CVE-2012-1823, a significant code execution vulnerability addressed in PHP in 2012.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: