Out of band notification, UPDATE – PHP ACE VULNERABILITY
Nov 12, 2019

As on November 3, CYFIRMA Threat Intelligence had observed heightened interest in Korean and Russian speaking hacker groups about the PHP-FPM Vulnerability with NGINX tracked as CVE-201911043, an Arbitrary Code Execution Vulnerability.

This instance pointed to hackers seemingly working on reconnaissance tools to identify systems at a global scale which are using vulnerable PHP and NGINX combination.

The following details were associated with this campaign:

CYFIRMA Risk Rating for this Out of Band Notification was: CRITICAL

Analysis of captured hackers’ footprints and correlation with external threat vectors, indicate that this is a potential threat, and organizations were advised to take precautionary measures as discussed in the following report.

Please complete the form to download this Out of Band Notification report.