Security: attackers attempted to implant malware into the PHP project's code. In response, the project announced its move to GitHub
Monday 29 March 2021
The official PHP Git server was hacked in an attempt to implant malware into the PHP project codebase.
On Sunday, Nikita Popov, a developer and maintainer of the PHP programming language, stated that two malicious commits had been added to the php-src repository in his name and in the name of PHP's creator, Rasmus Lerdorf.
The malicious commits, which appear to have been made under the names of Popov and Lerdorf (1, 2), were presented as minor typo fixes. However, contributors who took a closer look at the “typo fix” commit noticed malicious code that triggered arbitrary code execution from within the user-agent HTTP header if a string began with content related to “Zerodium”.
According to Bleeping Computer, the code appears designed to implant a backdoor and create a scenario in which remote code execution (RCE) is possible. Nikita Popov explains that the development team is not completely sure how the attack happened, but there are indications that the official git.php.net server may have been hacked, rather than individual Git accounts.
The comment “REMOVETHIS: Sold to zerodium, mid 2017” is included in the code; however, there is no indication that the exploit vendor was involved in the cyberattack. Zerodium's CEO, Shawky, has repeatedly described the perpetrators of the attack as “trolls”, claiming that “the researcher(s) who found this bug/exploit tried to sell it, but nobody wanted to buy it, so they burned it for fun”.
The security incident is being investigated, and the team is checking the repository for any other signs of malicious activity. In the meantime, the development team has decided it is time to switch to GitHub for good. “We have decided that maintaining our infrastructure is an unnecessary security risk and we will stop using the git.php.net server,” says Nikita Popov. “Instead, the repositories on GitHub, which were previously only mirrors, will become primary. This means that changes should be pushed directly to GitHub rather than to git.php.net.” Developers who previously had write access to the project's repositories will now need to join the PHP organization on GitHub.
This security incident can be described as a supply chain attack, in which malicious actors target an open source project, a library or another component on which a large user base depends. By compromising a single primary target, attackers can spread malicious code to a large number of systems.
A recent example of this is the SolarWinds attack, in which a supplier was the victim of an intrusion and a malicious update of its Orion software was distributed. Once this malware was deployed, tens of thousands of organizations were hacked, including Microsoft, FireEye and Mimecast.
Copyright © 2021 ZDNET, A RED VENTURES COMPANY. All rights reserved.