Technology NewsTechnology NewsTechnology News
  • Computing
  • AI
  • Robotics
  • Cybersecurity
  • Electric Vehicle
  • Wearables
  • Gaming
  • Space
Reading: TellYouThePass Ransomware Exploits PHP Vulnerability
Share
Font ResizerAa
Technology NewsTechnology News
Font ResizerAa
Search
  • Computing
  • AI
  • Robotics
  • Cybersecurity
  • Electric Vehicle
  • Wearables
  • Gaming
  • Space
Follow US
  • Cookie Policy (EU)
  • Contact
  • About
© 2025 NEWSLINKER - Powered by LK SOFTWARE
Cybersecurity

TellYouThePass Ransomware Exploits PHP Vulnerability

Highlights

  • TellYouThePass exploits critical PHP vulnerability CVE-2024-4577.

  • Imperva notes rapid exploitation following PoC release.

  • PHP updates essential to mitigate ransomware risk.

Kaan Demirel
Last updated: 11 June, 2024 - 9:46 am 9:46 am
Kaan Demirel 11 months ago
Share
SHARE

The notorious TellYouThePass ransomware gang has rapidly exploited a critical remote code execution (RCE) vulnerability in PHP, identified as CVE-2024-4577. The vulnerability allows unauthenticated attackers to execute arbitrary code on susceptible PHP installations, posing significant risks to affected systems. The swift exploitation of this flaw follows the public release of a proof-of-concept (PoC) exploit, with Imperva researchers noting the ransomware operators’ actions within hours of the PoC’s availability. This highlights the urgent need for organizations using PHP to apply security patches to mitigate potential threats.

Contents
Rapid Response NeededKey Takeaways

PHP, a widely-used open-source scripting language, launched in 1995 by Rasmus Lerdorf, is essential for web development. Known for its server-side scripting capabilities, PHP is embedded within HTML and powers numerous websites globally. PHP has seen various updates, with the latest versions addressing critical security vulnerabilities, including the newly discovered CVE-2024-4577, to enhance its robustness against cyber threats.

Past incidents involving TellYouThePass ransomware reveal a consistent pattern of exploiting high-profile vulnerabilities. In late 2021, the group leveraged the Log4Shell vulnerability to compromise Windows and Linux systems. Further, the malware was adapted to the Go programming language in 2022, broadening its scope to target macOS. These historical exploitations show the group’s agility in adopting emerging vulnerabilities to expand their attack vectors.

The latest attack using the PHP RCE vulnerability is another instance of the TellYouThePass group’s evolving tactics. In November 2023, they exploited another critical RCE flaw in Apache ActiveMQ message broker servers, tracked as CVE-2023-46604. Security researchers have also linked this gang to HelloKitty ransomware attacks utilizing the same vulnerability, further demonstrating their ability to integrate new exploits into their operations efficiently.

Rapid Response Needed

Organizations must proactively address this vulnerability by updating their PHP installations to the latest versions—8.2.7, 8.1.19, and 7.4.33—that contain security patches for CVE-2024-4577. Failure to do so can result in unauthorized access, lateral movement within networks, and eventual file encryption, followed by ransom demands.

Key Takeaways

– The TellYouThePass ransomware group quickly exploits new vulnerabilities.
– The PHP vulnerability CVE-2024-4577 is actively targeted.
– PHP installations should be updated to the latest patched versions immediately.

The rapid weaponization of CVE-2024-4577 by TellYouThePass underscores the critical importance of timely patching and system updates in cybersecurity defense. Organizations using PHP must prioritize updates to protect against this and similar threats. This case also illustrates the persistent and evolving nature of ransomware groups, necessitating constant vigilance and proactive security measures. By staying informed about emerging vulnerabilities and applying patches promptly, organizations can significantly reduce the risk of ransomware attacks and enhance their overall cybersecurity posture.

You can follow us on Youtube, Telegram, Facebook, Linkedin, Twitter ( X ), Mastodon and Bluesky

You Might Also Like

Cyberattack Forces PowerSchool to Face Extortion Scandal

CrowdStrike Faces Workforce Reduction Amid Financial Shifts

Authorities Seize DDoS Platforms in Multi-National Operation

Trump Urges Colorado to Release Jailed Clerk Over Election Breach

Google Targets Vulnerabilities in May Security Update

Share This Article
Facebook Twitter Copy Link Print
Kaan Demirel
By Kaan Demirel
Kaan Demirel is a 28-year-old gaming enthusiast residing in Ankara. After graduating from the Statistics department of METU, he completed his master's degree in computer science. Kaan has a particular interest in strategy and simulation games and spends his free time playing competitive games and continuously learning new things about technology and game development. He is also interested in electric vehicles and cyber security. He works as a content editor at NewsLinker, where he leverages his passion for technology and gaming.
Previous Article Fortinet Acquires Lacework to Boost Cloud Security
Next Article Elon Musk Challenges Apple-OpenAI Partnership

Stay Connected

6.2kLike
8kFollow
2.3kSubscribe
1.7kFollow

Latest News

Mazda Partners with Tesla for Charging Standard Shift
Electric Vehicle
Trump Alters AI Chip Export Strategy, Reversing Biden Controls
AI
Solve Wordle’s Daily Puzzle with These Expert Tips
Gaming
US Automakers Boost Robot Deployment in 2024
Robotics
Uber Expands Autonomy Partnership with $100 Million Investment in WeRide
Robotics
NEWSLINKER – your premier source for the latest updates in ai, robotics, electric vehicle, gaming, and technology. We are dedicated to bringing you the most accurate, timely, and engaging content from across these dynamic industries. Join us on our journey of discovery and stay informed in this ever-evolving digital age.

ARTIFICAL INTELLIGENCE

  • Can Artificial Intelligence Achieve Consciousness?
  • What is Artificial Intelligence (AI)?
  • How does Artificial Intelligence Work?
  • Will AI Take Over the World?
  • What Is OpenAI?
  • What is Artifical General Intelligence?

ELECTRIC VEHICLE

  • What is Electric Vehicle in Simple Words?
  • How do Electric Cars Work?
  • What is the Advantage and Disadvantage of Electric Cars?
  • Is Electric Car the Future?

RESEARCH

  • Robotics Market Research & Report
  • Everything you need to know about IoT
  • What Is Wearable Technology?
  • What is FANUC Robotics?
  • What is Anthropic AI?
Technology NewsTechnology News
Follow US
About Us   -  Cookie Policy   -   Contact

© 2025 NEWSLINKER. Powered by LK SOFTWARE
Welcome Back!

Sign in to your account

Register Lost your password?