Vulnerability Management, Patch/Configuration Management

Targeting Of Critical PHP Vulnerability Expands Globally


GreyNoise researchers found that attempted exploitation of the already patched critical PHP-CGI remote code execution vulnerability, tracked as CVE-2024-4577, escalated across the U.S., Japan, Singapore, and other parts of the world in January, according to The Record, a news site managed by Recorded Future.

Such findings, which indicated more widespread exploitation than previously thought, came a day after Cisco Talos disclosed that intrusions leveraging the flaw were primarily targeted at Japanese organizations.

The threat actors behind the predominantly Japan-targeted attack campaign used a command-and-control server to launch a slew of malicious tools and frameworks aimed at compromising credentials and ensuring persistence in targeted systems, activity that could portend more significant attacks in the future, said Cisco Talos researchers.

The GreyNoise and Cisco Talos reports come months after Symantec researchers initially reported that the PHP-CGI vulnerability had been exploited in an attack against a Taiwanese university just weeks after it was patched.
