Recherche : [CVE-2024-4577]

GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577) https://www.greynoise.io/blog/mass-exploitation-critical-php-cgi-vulnerability-cve-2024-457?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118

12/03/2025 08:36:52

‍GreyNoise data confirms that exploitation of CVE-2024-4577 extends far beyond initial reports. Attack attempts have been observed across multiple regions, with notable spikes in the United States, Singapore, Japan, and other countries throughout January 2025.

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan https://cyble.com/blog/cyble-honeypot-sensors-detect-wordpress-plugin-attack-new-banking-trojan/

04/10/2024 13:36:12

WordPress plugins are under active attack, a new banking trojan is spreading, and phishing and brute-force attacks continue unabated.

CVE-2024-4577 Exploits in the Wild One Day After Disclosure https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure

11/07/2024 09:04:42

The Akamai Security Intelligence Response Team (SIRT) has been monitoring activity surrounding CVE-2024-4577, a PHP vulnerability that affects installations running CGI mode that was disclosed in June 2024.
The vulnerability primarily affects Windows installations using Chinese and Japanese language locales, but it is possible that the vulnerability applies to a wider range of installations.
As early as one day after disclosure, the SIRT observed numerous exploit attempts to abuse this vulnerability, indicating high exploitability and quick adoption by threat actors.
The exploitations include command injection and multiple malware campaigns: Gh0st RAT, RedTail cryptominers, and XMRig.
Akamai App & API Protector has been automatically mitigating exploits that target our customers.

In this blog post, we’ve included a comprehensive list of indicators of compromise (IOCs) for the various exploits we discuss.

CVE-2024-4577 RCE in PHP CGI: Everything you need to know | Wiz Blog https://www.wiz.io/blog/critical-rce-php-cgi-vulnerability

11/06/2024 16:56:23

Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.

Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/?ref=labs.watchtowr.com

07/06/2024 13:50:51

While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system. This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack.

No Way, PHP Strikes Again! (CVE-2024-4577) https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/

07/06/2024 13:50:05

Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and any bug

Liens par page

Filtres