Out of band notification, UPDATE – PHP ACE VULNERABILITY

As of November 3, CYFIRMA Threat Intelligence had observed heightened interest among Korean- and Russian-speaking hacker groups in the PHP-FPM vulnerability with NGINX, tracked as CVE-2019-11043, an arbitrary code execution vulnerability.

This instance pointed to hackers seemingly working on reconnaissance tools to identify, at a global scale, systems running the vulnerable PHP and NGINX combination.

The following details were associated with this campaign:

  • Target Nations: USA, UK, Australia, Japan, and India
  • Industry sector: Financial, Insurance, Manufacturing, Online platforms, payment systems, B2C retail platforms, etc.
  • Motivation: Data exfiltration, reputational damage

CYFIRMA Risk Rating for this Out of Band Notification was: CRITICAL

Analysis of captured hackers’ footprints and correlation with external threat vectors indicate that this is a potential threat, and organizations were advised to take precautionary measures as discussed in the following report.
