
Weekly Digest Week 24 – 2024

Publication date: 14.06.2024

Featured Story

TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers

CVE-2024-4577 is a critical vulnerability allowing for remote code execution (RCE) that impacts all PHP versions since 5.x. It stems from unsafe character encoding conversions on Windows when used in CGI mode. A fix was delivered June 6 with the release of PHP versions 8.3.8, 8.2.20, and 8.1.29. Roughly two days later, the TellYouThePass ransomware gang began exploiting the flaw to deliver webshells and execute encryptor payloads. This gang is known for quickly leveraging public exploits with wide impact.

SOC Analysis:
The issue affects PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8 when using Apache and PHP-CGI on Windows. Users are advised to update immediately or follow the mitigations provided by Devcore. The CCB strongly recommends that system administrators patch or apply mitigations without delay.

Other Stories

Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover

Microsoft has patched CVE-2024-30080, a critical MSMQ vulnerability (CVSS 9.8) that allows remote code execution via specially crafted packets. It affects Windows Server 2008 onward and could allow complete server takeover.

SOC Analysis:
Microsoft classified this vulnerability as ‘Exploitation More Likely’. If MSMQ (TCP port 1801) isn’t needed, disable it. Otherwise, patch CVE-2024-30080 immediately to reduce risk.

JetBrains IntelliJ IDE GitHub Plugin Leaks Access Tokens (CVE-2024-37051)

JetBrains warned of a critical vulnerability affecting IntelliJ IDEs that could expose GitHub tokens via malicious pull requests. The issue impacts 2023.1+ versions and has now been fixed in updated IDE builds and plugins.

SOC Analysis:
Apply available updates and revoke GitHub tokens associated with affected versions. The CCB strongly recommends applying vendor mitigations after testing.

Critical Vulnerability Affects Veeam Recovery Orchestrator (CVE-2024-29855)

The flaw allows attackers to access the VRO web UI with admin privileges if they know an active access token and role. This poses a serious risk to disaster recovery capabilities.

SOC Analysis:
Apply hotfixes to update to builds 7.0.0.379 or 7.1.0.230. If your recovery infrastructure is impacted, patch immediately or contact our SOC for support.

Beware of False Emails Sent in the Name of Fortis Bank

Scammers are distributing phishing emails impersonating BNP Paribas Fortis, claiming the user must update their system to prevent counterfeit card usage.

SOC Analysis:
Do not click suspicious links or download apps. Forward suspicious emails to suspicious@safeonweb.be. Our SOC is here if you need help identifying phishing.

Want to enhance your organization’s cyber awareness or compliance strategy?
Contact the Approach Cyber SOC team for tailored support and training programs.
