🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating

Arstechnica

Arstechnica · 1y ago

Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating

Security researchers have discovered a ransomware that exploits a vulnerability in the PHP programming language, infecting over 1,000 servers primarily located in China. The vulnerability, CVE-2024-4577, allows attackers to use argument injection to pass malicious commands to the main PHP application. The ransomware, named TellYouThePass, encrypts files and demands a ransom of $6,500 for decryption. The exploit is targeting servers running PHP in CGI mode and requires the Windows locale to be set to Chinese or Japanese. The majority of infected servers have IP addresses in China, Taiwan, Hong Kong or Japan. XAMPP, a platform that uses PHP by default, is particularly vulnerable.

Related News

They’ve begun: Attacks exploiting vulnerability with maximum 10 severity rating

Arstechnica

Arstechnica · 1y ago

They’ve begun: Attacks exploiting vulnerability with maximum 10 severity rating

Ransomware hackers are exploiting recently fixed vulnerabilities in WS_FTP Server, posing a significant threat to enterprise networks. One vulnerability, with a severity rating of 10, allows attackers to execute malicious code without authentication. Another vulnerability, rated at 9.9, also enables remote code execution but requires authentication. The vulnerabilities were discovered by researchers and are being actively exploited. Progress Software, the maker of the affected software, has encouraged customers to patch their environments as soon as possible. The exploit potentially compromises networks and has impacted several organizations worldwide.

Maximum-severity GitLab flaw allowing account hijacking under active exploitation

Arstechnica

Arstechnica · 1y ago

Maximum-severity GitLab flaw allowing account hijacking under active exploitation

A vulnerability in GitLab's password reset feature is being actively exploited by hackers, according to US federal government officials. The vulnerability, which allows attackers to take control of user accounts, affects those who have not installed a patch released in January. The exploit does not require user interaction and can only be used against accounts without multifactor authentication. The vulnerability carries a severity rating of 10 out of 10 and poses a serious threat as it can potentially allow attackers to introduce changes or plant malware in software built in compromised environments.

Ivanti warns of critical vulnerability in its popular line of endpoint protection software

Arstechnica

Arstechnica · 1y ago

Ivanti warns of critical vulnerability in its popular line of endpoint protection software

Software maker Ivanti has issued a warning about a critical SQL injection vulnerability in its Endpoint Manager product that allows unauthenticated attackers to execute malicious code within affected networks. The vulnerability affects all supported versions of Ivanti EPM and carries a severity rating of 9.6 out of 10. While there is currently no evidence of active exploitation, users are urged to patch the vulnerability as soon as possible to prevent potential remote code execution and unauthorized access to machines.

Cisco tells Secure Client users to patch immediately or risk VPN security flaw

Techradar

Techradar · 1y ago

Cisco tells Secure Client users to patch immediately or risk VPN security flaw

Cisco has addressed a high-severity vulnerability in its Secure Client software. The flaw, known as "carriage return line feed injection vulnerability," allows unauthenticated attackers to establish a VPN session with a target endpoint. Exploiting this vulnerability could enable remote execution of arbitrary script code and unauthorized access to sensitive information. The flaw was discovered by Amazon's Paulos Yibelo Mesfin, who explains that attackers could gain access to victims' internal networks simply by tricking them into visiting a website under their control. Updating to the patched versions of the software is recommended to ensure security.

Actively exploited vulnerability gives extraordinary control over server fleets

Arstechnica

Arstechnica · 20d ago

Actively exploited vulnerability gives extraordinary control over server fleets

A maximum-severity vulnerability in AMI MegaRAC, a firmware package used in servers from various manufacturers, is being actively exploited, giving attackers full control over tens of thousands of servers. This vulnerability allows remote control of servers without authentication, impacting mission-critical data centers. The flaw lets attackers evade traditional security measures, potentially implant malicious code in firmware, and cause operational disruptions. While some vendors have released patches, affected organizations are urged to secure their systems promptly.

Zoom patches critical security flaws across its Windows apps — update now to stay safe

Techradar

Techradar · 1y ago

Zoom patches critical security flaws across its Windows apps — update now to stay safe

Zoom has patched a critical vulnerability in its Windows apps that allowed attackers to escalate privileges remotely. The flaw, tracked as CVE-2024-24691, was found in various Zoom Windows clients and carried a severity rating of 9.6. While details of the flaw remain undisclosed, it is suspected to require some form of victim interaction, such as clicking a malicious link or opening a malware-laden attachment. Zoom urges users to update their applications to the latest version to protect against potential exploits. The company has also addressed six other vulnerabilities in the update.

Critical WordPress plugin vulnerability under active exploit threatens thousands

Arstechnica

Arstechnica · 7m ago

Critical WordPress plugin vulnerability under active exploit threatens thousands

A vulnerability has been identified that enables the execution of malicious code without authentication. Unfortunately, only a small percentage of users have installed the necessary patch to fix the issue. Additionally, there is another vulnerability, CVE-2024-50498, in WP Query Console that has not yet been addressed and carries a severity rating of 10 out of 10.

Lockbit cybercrime gang says it is back online following global police bust

Economic Times

Economic Times · 1y ago

Lockbit cybercrime gang says it is back online following global police bust

The Lockbit cybercrime gang, known for using ransomware to extort victims, has announced that its servers are back online following a recent international police operation that targeted the group. In a statement, the gang revealed that its website was hacked by law enforcement using a vulnerability in the PHP programming language. While Lockbit's darkweb site was compromised, its other servers with backup blogs continue to leak stolen data. Authorities remain determined to target and disrupt Lockbit, as they work to gather intelligence on the group and its affiliates.

“This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard

Arstechnica

Arstechnica · 1y ago

“This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard

A critical vulnerability in Citrix hardware, known as Citrix Bleed, is being exploited by ransomware hackers despite a patch being available for three weeks. The vulnerability allows attackers to bypass multifactor authentication (MFA) and gain access to enterprise networks. Session tokens, including those used for MFA, can be disclosed through this vulnerability. Security researcher Kevin Beaumont has reported at least 20,000 instances of exploited Citrix devices. It is recommended that organizations patch their devices, rotate credentials, and check for signs of compromise.

Critical vulnerability affecting most Linux distros allows for bootkits

Arstechnica

Arstechnica · 1y ago

Critical vulnerability affecting most Linux distros allows for bootkits

Linux developers are working to fix a high-severity vulnerability that can enable the installation of malware at the firmware level, making it difficult to detect or remove. The vulnerability is found in "shim," a component that runs during the boot process before the operating system starts. It plays a crucial role in secure boot, a protection feature in most devices to ensure every link in the boot process is verified. Successful exploitation of the vulnerability allows attackers to execute malicious firmware during the earliest stages of booting, undermining the secure boot mechanism. The vulnerability requires compromising the targeted device or the server/network the device boots from.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

June 2025

Helping your parents when you are miles away

The Pit Stop Your Cravings Deserve

The next generation E-commerce platform

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

Meta acquires voice startup Play ...

Zomato CEO Deepinder Goyal buys l ...

Exclusive: Porter turns profitabl ...

Download the medial app to read full posts, comements and news.