Sunday December 8, 2019
Home Lead Story Hackers Using...

Hackers Using Bug in PHP7 to Hijack Web Servers

The vulnerability only impacts servers using the NGINX web server with the PHP-FPM extension and users who are unable to update their PHP install can mitigate the problem by setting a rule within the standard PHP ModSecurity firewall

0
//
cyber attacks, hackers
Representational image. Pixabay

Russia-based security researcher Emil ‘Neex Lerner has disclosed a remote-code execution vulnerability in PHP 7 – the newest iteration of the massively widespread net growth language used by hackers.

PHP is a server side scripting language that is used to develop static websites, dynamic websites or web applications. It forms the basis of popular content management systems like WordPress, Drupal, as well as Facebook (kinda). Due to this, it is a huge deal whenever someone wants to identify a security vulnerability within it.

With this vulnerability, which has the CVE-ID of 2019-11043, an attacker may drive a distant net server to execute their very own arbitrary code just by accessing a crafted URL. The attacker only needs to add “?a=” to the website address, followed by their payload, The Next Web (TNW) reported on Sunday.

hacker
The hackers “exploited flaws on at least three of the organisation’s chapter websites – which we’re not naming – and downloaded the contents of each web server,” the report said. Pixabay

As per the report, this attack drastically lowers the barrier to entry for hacking a website which even a non-technical user could abuse.

Also Read: Reportedly, Sony Plans to sell off PlayStation Vue Streaming Service

The vulnerability only impacts servers using the NGINX web server with the PHP-FPM extension and users who are unable to update their PHP install can mitigate the problem by setting a rule within the standard PHP ModSecurity firewall. (IANS)

Next Story

Thousands Of Disney+ Accounts Hacked And Up For Sale On Dark Web

Hackers have hijacked thousands of Disney+ accounts and put them up for sale on the Dark Web

0
Hacked Disney+ accounts
Hackers have hijacked thousands of Disney+ accounts. Pixabay

As Disney garnered over 10 million subscribers for its online streaming service Disney+ on its first day of operation, reports have surfaced on Monday that hackers have already hijacked thousands of accounts and put them up for sale on the Dark Web.

ZDNet discovered several listings for Disney+ accounts on different underground hacking forums, selling for somewhere between $3 and $5.

The Disney+ launch was marred by technical issues and users reported being unable to stream their favourite movies and shows.

Several users reported losing access to their accounts.

“Many users reported that hackers were accessing their accounts, logging them out of all devices, and then changing the account’s email and password, effectively taking over the account and locking the previous owner out,” said the report on.

Disney was yet to comment.

In some cases, hackers gained access to accounts by using email and password combos leaked at other sites, while in other cases “the Disney+ credentials might have been obtained from users infected with keylogging or info-stealing malware”.

Researchers asked Disney+ to help users by rolling out support for multi-factor authentication and prevent more attacks.

Disney+ accounts sold on dark web
The hijacked Disney+ accounts are up for sale on dark web. Pixabay

On the very first day of release on November 12, Disney+ users collectively spent 1.3 million hours streaming and watching the content available to them on the platform for the first day of release.

As per reports, analysts projected that Disney+ would have anywhere between 10-18 million subscribers in its first year. Disney has signed up more than half of those projected numbers in 24 hours.

The service was launched in the US for $6.99 per month or $69 per year.

Also Read- Smart Bulbs Can Steal Personal Information Through Hacking

The company has announced the service will be launched in major European markets, including the UK, France, Germany, Italy, Spain and “a number of other countries in the region” on March 31 next year.

Earlier, Disney had said that it expected to spend about $1 billion in 2020 on original content for the platform and $2 billion by 2024. (IANS)