Today's cybersecurity headlines are brought to you by ThreatPerspective

Biz & IT Ars Technica

Nasty bug with very simple exploit hits PHP just in time for the weekend

With PoC code available and active Internet scans, speed is of the essence.

Nasty bug with very simple exploit hits PHP just in time for the weekend

A critical vulnerability in the PHP programming language can be trivially exploited to execute malicious code on Windows devices, security researchers warned as they urged those affected to take action before the weekend starts.

Within 24 hours of the vulnerability and accompanying patch being published, researchers from the nonprofit security organization Shadowserver reported Internet scans designed to identify servers that are susceptible to attacks. That combined with (1) the ease of exploitation, (2) the availability of proof-of-concept attack code, (3) the severity of remotely executing code on vulnerable machines, and (4) the widely used XAMPP platform being vulnerable by default has prompted security practitioners to urge admins check to see if their PHP servers are affected before starting the weekend.

When “Best Fit” isn't

“A nasty bug with a very simple exploit perfect for a Friday afternoon,” researchers with security firm WatchTowr wrote.

Read 16 remaining paragraphs | Comments

Published: 2024-06-07T21:57:49

© Ethical Hacking News . All rights reserved.

Privacy | Terms of Use | Contact Us