do son@securityonline.info
The Chinese hacking group Winnti is using a new PHP backdoor called 'Glutton' in attacks targeting organizations in China and the United States. The malware is also being used against other cybercriminals, marking a notable shift in Winnti's tactics. Glutton is a modular backdoor that injects code into popular PHP frameworks and systems. Once installed, it lets attackers exfiltrate data, install further backdoors, and inject malicious code, all without leaving file traces, which allows the malware to operate undetected. The group's activity with this backdoor has been ongoing for over a year, with evidence of its deployment dating back to December 2023.
Cybersecurity experts believe Winnti is targeting not only traditional organizations, such as those in the IT sector, social security, and web development, but also the cybercrime market itself. Glutton has been found embedded in software packages distributed on online criminal forums, allowing its operators to compromise the systems of other malicious actors and steal their sensitive information. Despite its sophistication, Glutton has weaknesses that are atypical for Winnti, such as unobfuscated plaintext samples and simplistic communication protocols, which suggests it may still be in early development.
@ciso2ciso.com
Three critical vulnerabilities have been discovered in the open-source PHP package Voyager, a tool used for managing Laravel applications. These flaws allow one-click remote code execution (RCE), potentially exposing a wide range of systems to attack. The vulnerabilities affect Voyager's media upload feature: attackers can bypass its MIME type verification and upload malicious PHP code disguised as an image or video, which then executes when the server processes it. Combined with a cross-site scripting flaw, this means that an authenticated user simply clicking a malicious link would be enough for attackers to take over the server.
The identified vulnerabilities, tracked as CVE-2024-55417, CVE-2024-55416, and CVE-2024-55415, consist of an arbitrary file write vulnerability, a reflected cross-site scripting (XSS) flaw, and a file leak and deletion issue. These unpatched vulnerabilities pose a significant threat. Researchers at SonarSource attempted to notify the Voyager maintainers but received no response within the 90-day disclosure window, and published details of the flaws to warn users of the risk. Users are urged to exercise extreme caution while using the unpatched package.
@jocert.ncsc.jo
A critical security vulnerability, CVE-2022-31631, has been identified in PHP that could expose websites and applications to SQL injection attacks. The vulnerability resides in the PDO::quote() function when used with SQLite databases. The flaw stems from an integer overflow that can lead to improper string sanitization, so a value that PDO::quote() was expected to escape may reach the database unescaped. Successful exploitation could allow attackers to inject malicious SQL, gain control of the database, steal sensitive data, or modify database content.
Users of PHP are urged to update to patched versions immediately. The vulnerability affects PHP versions 8.0.x before 8.0.27, 8.1.x before 8.1.15, and 8.2.x before 8.2.2. Fixed versions are PHP 8.0.27, 8.1.15, and 8.2.2 (or later). NetApp has issued an advisory, NTAP-20230223-0007, acknowledging the vulnerability in multiple NetApp products and stating that successful exploitation could lead to Denial of Service (DoS).