Security News > 2019 > January > PHP PEAR supply chain attack: Backdoor added to installer
Some additional details have emerged about the recent security breach involving the PHP PEAR (PHP Extension and Application Repository) webserver, but much is still unknown. What happened? The PEAR project maintains a system for distributing PHP software code and for managing free code libraries (aka packages) written in the popular programming language. On Saturday, the project’s site (located at pear.php.net) has been temporarily disabled and visitors were pointed towards a short warning saying that anyone … More → The post PHP PEAR supply chain attack: Backdoor added to installer appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/2tYrMbExIGE/
Related news
- EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files (source)
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- Revival Hijack supply-chain attack threatens 22,000 PyPI packages (source)
- Australian Police conducted supply chain attack on criminal collaborationware (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)