Old ThinkPHP flaws leveraged by Chinese hackers

7 June 2024

Ongoing intrusions exploiting a pair of old remote code execution flaws in the widely used open-source web app framework ThinkPHP, tracked as CVE-2018-20062 and CVE-2019-9082, have been conducted by Chinese hackers since April, following a similar attack campaign launched in October, according to SecurityWeek. Both vulnerabilities have been leveraged by attackers to facilitate the eventual deployment of the Dama web shell, which has been used to enable file tampering and uploading, information gathering, network port scanning, unauthorized database access, and privilege escalation, an Akamai report showed.

Source: SC Magazine

Date:

7 June 2024

Categorie(s):

NEWS

Tag(s):

Chinese, IT, News, Old

How Ransomware Jeopardizes Healthcare Organizations17 November 2024
Are Identity Theft Protection Services Worth the Money? It’s Complicated17 November 2024
Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked17 November 2024
Google’s Gemini AI Chatbot Keeps Telling Users to Die16 November 2024
Cybersecurity Flaws in US Drinking Water Systems Put 26 Million at Risk16 November 2024