Security News > 2021 > March

The main code repository for PHP, which powers nearly 80 per cent of the internet, was breached to add malicious code and is now being moved to GitHub as a precaution. "Yesterday two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and myself. We don't yet know how exactly this happened, but everything points towards a compromise of the git.php.net server," said PHP maintainer Nikita Popov, who works with the PHP team at JetBrains.

The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. Php.net server," developer Nikita Popov explained in a message sent out through one of the project's mailing lists.

Apple has issued critical security patches for all supported phones, fondleslabs, and watches after being alerted to multiple possible intrusions by Google. According to Apple, the flaw allows for the creation of "maliciously crafted web content," which "may lead to universal cross-site scripting." Apple has heard that the code snafu "may have been actively exploited."

The non-fungible bit merely means it's not the same as other NFTs so can't be considered as their equivalent nor traded as such. There is a single nugget of magic in NFT: authenticity.

As many as five vulnerabilities have been uncovered in Ovarro's TBox remote terminal units that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. TBox is an "all-in-one" solution for automation and control systems for supervisory control and data acquisition applications, with its telemetry software used for remote control and monitoring of assets in a number of critical infrastructure sectors, such as water, power, oil and gas, transportation, and process industries.

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.

The last year has probably seen a chunk of your workforce shift to home, negating any concept of an easily defensible corporate "perimeter" around your systems and data. You probably have more data than ever before to worry about, as your business increasingly relies on analytics and AI. But where is that data? In a data centre? Somewhere in the cloud? On your workers' home networks and devices?

McAfee announced the general availability of McAfee MVISION Cloud Native Application Protection Platform, a new security service designed to secure cloud native applications. McAfee MVISION CNAPP is the industry's first platform that brings application and data context to converge Cloud Security Posture Management for public cloud infrastructure, and Cloud Workload Protection Platform to protect applications distributed across virtual machines, compute instances and containers.

Businesses that change risky employee behavior methodically and effectively through personalized, timely, and relevant learning will see an improvement to their overall security posture and a reduction in the number of security incidents. It stands to reason that the training and coaching offered to employees need to meet the same level of personalization in order to effectively combat these threats and change risky habits and behaviors over time.

To select a suitable bot protection solution for your business, you need to think about a variety of factors. A successful bot mitigation solution has to be effective immediately, stopping new bots and never-before-seen attack methods.