Security News > 2019 > January > PHP PEAR supply chain attack: Backdoor added to installer
2019-01-24 12:57
Some additional details have emerged about the recent security breach involving the PHP PEAR (PHP Extension and Application Repository) webserver, but much is still unknown. What happened? The PEAR project maintains a system for distributing PHP software code and for managing free code libraries (aka packages) written in the popular programming language. On Saturday, the project’s site (located at pear.php.net) has been temporarily disabled and visitors were pointed towards a short warning saying that anyone … More → The post PHP PEAR supply chain attack: Backdoor added to installer appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/2tYrMbExIGE/
Related news
- New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations (source)
- Cisco warns of CSLU backdoor admin account used in attacks (source)
- Recent GitHub supply chain attack traced to leaked SpotBugs token (source)
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack (source)
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token (source)
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
- Ripple NPM supply chain attack hunts for private keys (source)
- Magento supply chain attack compromises hundreds of e-stores (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- ⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors (source)