Featured Story
TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
CVE-2024-4577 is a critical vulnerability allowing remote code execution (RCE) that impacts all PHP versions since 5.x. It stems from unsafe character encoding conversions on Windows when PHP runs in CGI mode. A fix was delivered on June 6 with the release of PHP versions 8.3.8, 8.2.20, and 8.1.29. Roughly two days later, the TellYouThePass ransomware gang began exploiting the flaw to deliver webshells and execute encryptor payloads. This gang is known for quickly leveraging public exploits with wide impact.
The issue affects PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8 when using Apache and PHP-CGI on Windows. Users are advised to update immediately or follow mitigations provided by Devcore. CCB strongly recommends system administrators patch or apply mitigations without delay.
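Two checks a defender will want while triaging this story, as an added example that is not part of the newsletter, Devcore's advisory or the PHP project: first, a version test that applies the fixed-version boundaries stated above (8.1.29, 8.2.20, 8.3.8, with older branches treated as unpatched and only Windows CGI deployments in scope); second, a scan of web server access logs for the indicator that Devcore's published Apache mitigation blocks, a query string carrying the percent-encoded soft hyphen (%AD) sent to a PHP-CGI endpoint. The log lines are constructed for the example, and a hit is a triage lead, not proof of compromise; the authoritative fix remains patching or disabling PHP-CGI.

```python
import re
from urllib.parse import unquote

# First patched release per supported branch, as listed in the story.
FIXED_VERSIONS = {
    (8, 1): (8, 1, 29),
    (8, 2): (8, 2, 20),
    (8, 3): (8, 3, 8),
}
LATEST_FIXED_BRANCH = (8, 3)


def parse_version(version):
    """Turn '8.2.19' into (8, 2, 19); missing components default to 0."""
    nums = tuple(int(p) for p in version.strip().split(".")[:3])
    return nums + (0,) * (3 - len(nums))


def php_version_is_vulnerable(version, windows_cgi=True):
    """True if this PHP build is exposed to CVE-2024-4577.

    Only Windows deployments running PHP in CGI mode are affected. Branches
    older than 8.1 are end-of-life and received no fix, so they count as
    vulnerable; branches newer than 8.3 postdate the fix.
    """
    if not windows_cgi:
        return False
    major, minor, patch = parse_version(version)
    if (major, minor) < (5, 0):
        return False
    if (major, minor) > LATEST_FIXED_BRANCH:
        return False
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return True  # 5.x to 8.0: unpatched end-of-life branch
    return (major, minor, patch) < fixed


# Request line inside an Apache/nginx combined-format access log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def request_is_suspicious(target):
    """True if a PHP-CGI request target carries a soft hyphen (0xAD).

    Decoding as latin-1 keeps the raw 0xAD byte visible whether the client
    sent %AD directly or a UTF-8 encoded U+00AD (%C2%AD).
    """
    path, _, query = target.partition("?")
    lowered = path.lower()
    if not (lowered.endswith(".php") or "php-cgi" in lowered):
        return False  # not a PHP-CGI endpoint, out of scope for this CVE
    return "\xad" in unquote(query, encoding="latin-1")


def find_suspicious_requests(log_lines):
    """Return the request targets in log_lines that match the indicator."""
    hits = []
    for line in log_lines:
        match = LOG_RE.search(line)
        if match and request_is_suspicious(match.group("target")):
            hits.append(match.group("target"))
    return hits


# Constructed sample log lines (not real traffic); the second and fourth
# carry the %AD marker against PHP endpoints, the third hits a static file.
SAMPLE_LOG = [
    '203.0.113.10 - - [08/Jun/2024:10:15:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 512',
    '203.0.113.11 - - [08/Jun/2024:10:15:02 +0000] "POST /test.php?%ADd+foo%3Dbar HTTP/1.1" 200 128',
    '203.0.113.12 - - [08/Jun/2024:10:15:03 +0000] "GET /static/app.js?v=%ADx HTTP/1.1" 200 9001',
    '203.0.113.13 - - [08/Jun/2024:10:15:04 +0000] "GET /cgi-bin/php-cgi.exe?%adh HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for v in ("8.2.19", "8.2.20", "7.4.33"):
        print(v, "vulnerable" if php_version_is_vulnerable(v) else "patched/not affected")
    for target in find_suspicious_requests(SAMPLE_LOG):
        print("review:", target)
```

The version check deliberately asks whether the host is a Windows CGI deployment rather than guessing from the version string alone, because the same PHP build on Linux or under FPM is not affected. The log scan is case-insensitive on the percent encoding and ignores non-PHP paths so that static assets with odd query strings do not generate noise.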
Other Stories
Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover
Microsoft has patched CVE-2024-30080, a critical MSMQ vulnerability (CVSS 9.8) that allows remote code execution via specially crafted packets. It affects Windows Server 2008 onward and could allow complete server takeover.
Microsoft classified this vulnerability as ‘Exploitation More Likely’. If port 1801 isn’t needed, disable it. Otherwise, patch CVE-2024-30080 immediately to reduce risk.
JetBrains IntelliJ IDE GitHub Plugin Leaks Access Tokens (CVE-2024-37051)
JetBrains warned of a critical vulnerability affecting IntelliJ-based IDEs that could expose GitHub tokens via malicious pull requests. The issue impacts versions 2023.1 and later and has now been fixed in updated IDE builds and plugins.
Apply available updates and revoke GitHub tokens associated with affected versions. The CCB strongly recommends applying vendor mitigations after testing.
Critical Vulnerability Affects Veeam Recovery Orchestrator (CVE-2024-29855)
The flaw allows attackers to access the VRO web UI with admin privileges if they know an active access token and role. This poses a serious risk to disaster recovery capabilities.
Apply hotfixes to update to builds 7.0.0.379 or 7.1.0.230. If your recovery infrastructure is impacted, patch immediately or contact our SOC for support.
Beware of False Emails Sent in the Name of Fortis Bank
Scammers are distributing phishing emails impersonating BNP Paribas Fortis, claiming the user must update their system to prevent counterfeit card usage.
Do not click suspicious links or download apps. Forward suspicious emails to suspicious@safeonweb.be. Our SOC is here if you need help identifying phishing.
Contact the Approach Cyber SOC team for tailored support and training programs.