"TellYouThePass Ransomware Exploits Recent PHP RCE Flaw to Breach Servers"

The "TellYouThePass" ransomware group has been using a recently patched Remote Code Execution (RCE) vulnerability in PHP to deliver web shells and execute the encryptor payload. Attacks using publicly available exploit code began on June 8, less than 48 hours after PHP's maintainers released security updates. The TellYouThePass operators are quick to adopt public exploits for highly impactful vulnerabilities. Last November, the gang used an Apache ActiveMQ RCE in attacks, and in December 2021, they adopted the Log4j exploit. This article continues to discuss recent findings regarding the TellYouThePass ransomware.

Bleeping Computer reports "TellYouThePass Ransomware Exploits Recent PHP RCE Flaw to Breach Servers"

Submitted by grigby1
 
