Security News

The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. Php.net server," developer Nikita Popov explained in a message sent out through one of the project's mailing lists.

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The changes, which were committed as "Fix Typo" in an attempt to slip through undetected as a typographical correction, involved provisions for execution of arbitrary PHP code.

The hacked version of Xcode would add malware into iOS apps when they were compiled on an infected system, without infecting the source code of the app itself. As we said at the time, "Developers with sloppy security practices, such as using illegally-acquired software of unvetted origin for production builds, turned into iOS malware generation factories for the crooks behind XcodeGhost."

FIN8 is a financially motivated threat group whose typical mode of attack has been to steal payment-card data from point-of-sale environments, particularly those of retailers, restaurants and the hotel industry. Bitdefender has recently identified specific attacks on seven targets during its monitoring of the command-center infrastructure used in previous FIN8 attacks.

Someone based in the US, perhaps at an infected organization, uploaded the malware to a public malware repository in August last year for analysis, well before the cyber-spying campaign became public. John McAfee, the security industry's equivalent of a wacky great-uncle who drinks too much at Christmas and goes off the rails, is now facing serious charges from the US Department of Justice.

This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition. Infatica's code then uses the browser of anyone who has that extension installed to route Web traffic for the company's customers, including marketers or anyone able to afford its hefty monthly subscription charges.

Email security biz Mimecast not only fell victim to the SolarWinds hackers, leading to its own customers being attacked, it is also trimming its workforce amid healthy profits. Last month Mimecast revealed that one of its cryptographic certificates was purloined by the same team that smuggled a hidden backdoor into SolarWinds' Orion network monitoring software.

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. Even though multiple Microsoft security accounts were tagged on Twitter and the company was also contacted to provide a statement regarding this ongoing issue, Redmond hasn't yet provided an official reply.

ESET researchers discovered Kobalos, a malware that has been attacking supercomputers - high performance computer clusters - as well as other targets such as a large Asian ISP, a North American endpoint security vendor, and several privately held servers. "Perhaps unrelated to the events involving Kobalos, there were multiple security incidents involving HPC clusters in the past year. Some of them hit the press and details were made public in an advisory from the European Grid Infrastructure CSIRT about cases where cryptocurrency miners were deployed. The EGI CSIRT advisory shows compromised servers in Poland, Canada and China were used in these attacks. Press articles also mention Archer, a breached UK-based supercomputer where SSH credentials were stolen, but does not contain details about which malware was used, if any," ESET researchers noted.