Ransomware Strikes Fast: TellYouThePass Exploits PHP Bug Just 48 Hours After Patch

The TellYouThePass ransomware gang wasted no time exploiting the CVE-2024-4577 vulnerability in PHP, attacking less than 48 hours after patches were released. Researchers at Imperva revealed the gang uses the Windows mshta.exe binary to run a malicious HTML application, encrypting files and demanding ransom through…

Hot Take:

PHP just got a patch, but it seems the TellYouThePass ransomware gang got the memo first. Less than 48 hours after the fix for CVE-2024-4577, they were already causing chaos. It’s like they had a calendar reminder set for “Exploit Day!”.

Key Points:

– TellYouThePass ransomware exploits CVE-2024-4577 in PHP to deploy webshells and ransomware payloads.
– Attacks began less than 48 hours after the security update was released.
– The ransomware uses Windows mshta.exe to execute a malicious HTA file containing VBScript.
– The exploit sends an HTTP request disguised as a CSS resource to a command-and-control server.
– Ransom notes demand 0.1 BTC (around $6,700) for decryption.
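The chain in the key points above (a PHP process on a Windows web host launching mshta.exe to pull and run a remote HTA) is unusual enough to detect on process-creation telemetry alone. The script below is an added defensive example, not code from the original article or from Imperva; the event field names, the set of web/PHP parent processes, and the sample events with their placeholder host names and URL are all assumptions constructed for the illustration.

```python
import re
from dataclasses import dataclass

# Assumption: PHP / web-server processes that have no legitimate reason to
# launch mshta.exe on a web host. Adjust to the server's actual process names.
WEB_PARENTS = {"php-cgi.exe", "php.exe", "httpd.exe", "nginx.exe", "w3wp.exe"}

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
HTA_RE = re.compile(r"\.hta\b", re.IGNORECASE)


@dataclass
class ProcEvent:
    """Minimal process-creation record; the field names are an assumption,
    not any particular EDR or Sysmon schema."""
    host: str
    parent_image: str
    image: str
    command_line: str


def _basename(path: str) -> str:
    """Normalise a Windows or POSIX path to its lower-cased file name."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcEvent) -> list[str]:
    """Return the reasons an event matches the mshta.exe chain.

    An empty list means nothing suspicious was seen. Only mshta.exe launches
    are examined; a web/PHP parent or a remote URL on the command line is the
    strong signal, a local .hta file alone is reported as informational.
    """
    reasons: list[str] = []
    if _basename(ev.image) != "mshta.exe":
        return reasons
    parent = _basename(ev.parent_image)
    if parent in WEB_PARENTS:
        reasons.append(f"mshta.exe spawned by web/PHP process {parent}")
    url = URL_RE.search(ev.command_line)
    if url:
        reasons.append(f"mshta.exe loading remote content from {url.group(0)}")
    elif HTA_RE.search(ev.command_line):
        reasons.append("mshta.exe executing a local HTA file")
    return reasons


def scan(events: list[ProcEvent]) -> list[tuple[ProcEvent, list[str]]]:
    """Return (event, reasons) for every event with at least one finding."""
    return [(ev, r) for ev in events if (r := classify(ev))]


# Constructed sample events: host names and the URL are placeholders, not
# indicators from the article. The first mirrors the described chain (PHP
# parent, remote resource named like a CSS file), the second is an admin
# running a local HTA, the third is ordinary PHP activity.
SAMPLE_EVENTS = [
    ProcEvent("web01", r"C:\php\php-cgi.exe", r"C:\Windows\System32\mshta.exe",
              "mshta.exe http://c2-placeholder.example/style.css"),
    ProcEvent("web01", r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
              r"mshta.exe C:\Tools\inventory.hta"),
    ProcEvent("web02", r"C:\php\php-cgi.exe", r"C:\php\php-cgi.exe",
              "php-cgi.exe"),
]

if __name__ == "__main__":
    for ev, reasons in scan(SAMPLE_EVENTS):
        print(f"{ev.host}: {_basename(ev.image)} -> {'; '.join(reasons)}")
```

Feed `scan()` your own exported process-creation events (one `ProcEvent` per record) and treat any event that carries both the web-parent and the remote-URL reason as a high-priority alert; the local-HTA reason on its own is only worth a look. The same parent-process check generalises to other LOLBins (for example rundll32.exe or powershell.exe) by widening the `image` comparison, which is a sensible follow-up for any host exposed through php-cgi.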
