Security News

Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. The world would not find out about the SolarWinds debacle until early December 2020, when FireEye first disclosed the extent of its own compromise from the SolarWinds malware and published details about the tools and techniques used by the perpetrators.

More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening business documents booby-trapped with a remote-access trojan that takes over victims' PCs and hands control to miscreants. Infosec outfit eSentire on Tuesday said it has noted a wave of so-called search redirection shenanigans, in which people Googling for business forms and the like are shown links to web pages published via Google Sites - a Google-hosted web service - that offer a download of whatever materials they were looking for.

Unknown hackers attempted to add a backdoor to the PHP source code. It was two malicious commits, with the subject "Fix typo" and the names of known PHP developers and maintainers.

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. "We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user database leaked," Nikita Popov said in a message posted on its mailing list on April 6.

Why Apple had to rush out a security update for iDevices. Two cryptographic security holes patched in OpenSSL. How PHP nearly got backdoored by crooks.

Cybersecurity researchers on Tuesday disclosed details of a sophisticated campaign that deploys malicious backdoors for the purpose of exfiltrating information from a number of industry sectors located in Japan. Dubbed "A41APT" by Kaspersky researchers, the findings delve into a new slew of attacks undertaken by APT10 using previously undocumented malware to deliver as many as three payloads such as SodaMaster, P8RAT, and FYAnti.

Open source web programming language PHP narrowly avoided a potentially dangerous supply chain attack over the weekend. In theory, anyone who downloaded the very latest "Still in development" version of PHP on Sunday 2021-03-28, compiled it, and installed it on a real-life, internet facing web server could have been at risk.

Malicious commits were made to the php-src repo on Sunday that could have enabled hackers to perform remote code execution on websites running the hijacked code. The main Git repository for the PHP programming language has been moved to GitHub after hackers tried to insert a backdoor into the source code.

The PHP project on Sunday announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. "Had it not been detected, the code could have ultimately poisoned the binary package repositories which countless organizations rely upon and trust. Open-source projects which are self-hosting their code repositories may be at increased risk of this type of supply-chain attack and must have robust processes in place to detect and reject suspicious commits."

The developers of the PHP scripting language revealed on Sunday that they had identified what appeared to be malicious code in the php-src repository hosted on the git. The unauthorized code was disguised as two typo fix-related commits apparently pushed by Rasmus Lerdorf, author of the PHP language, and Nikita Popov, an important PHP contributor.