PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

A recently discovered PHP security vulnerability has been reported to be used by a number of threat actors to propagate distributed denial-of-service (DDoS) botnets, bitcoin miners, and remote access trojans.

The CVE-2024-4577 vulnerability (CVSS score: 9.8) in question gives an attacker the ability to remotely execute malicious commands on Windows computers that are configured with Chinese and Japanese language locales. It was made known to the public in early June 2024.

Researchers at Akamai, Kyle Lefton, Allen West, and Sam Tinklenberg, identified a vulnerability called CVE-2024-4577 that lets an attacker bypass the command line and pass arguments that are parsed directly by PHP. They made this discovery on Wednesday. “The method used to translate Unicode characters into ASCII is where the vulnerability resides read more about PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks.

Get up to date on the latest cybersecurity news and enhance your knowledge of cybersecurity with our thorough coverage of the dangers, breaches, and solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *