security: attackers attempted to implant malware into PHP project code. In response, the project announced its passage on Github

By

Charlie Osborne

|
Monday 29 mars 2021

The official PHP Git server was hacked in an attempt to implant malware into the PHP project codebase

Sunday, Nikita Popov, the developer and supervisor of the PHP programming language, stated that two keystrokes have been added to the PHP-SRC repository whose name has been respected and the name of the PHP creator, Rasmus Lerdorf

Malicious requests, who seem to have fallen under the name Popov and Lerdorf (1, 2), were introduced as minor fixes for typos. However, contributors took a closer look at the commission “typo correction” and noticed a code error that triggered a random code in the user agent's HTTP address if you start a thread with content related to “Zerodium”

Selon Bleeping Computer, the code seems designed to implement a backdoor and create a scenario in which remote code execution (RCE) can be executed Nikita Popov explains that the development team is not completely sure how the attack happened, but there is indicates that the official HP net git server may have been hacked, instead of individual Git accounts.

The comment, “REMOVETHIS: Sold to zerodium, my-2017”, is included in the script, however, there is no indication that the vendor of the vulnerability was involved in the cyberattack Zerodium CEO, Shawky, has repeatedly described the perpetrators of the attack as «trolls», claiming that «the searcher (researchers) who found this bug / exploitation tried to sell it, but nobody wanted to buy it, so they questioned him for fun»

The security incident is investigated and the team checks the repository for any other signs of malicious activity in the meantime, the development team decided it was time to switch to GitHub for good «We have decided that maintaining our infrastructure is an unnecessary security risk and we will stop using the gitNET server. », says Nikita Popov,« Instead of that, the repositories on GitHub, that were previously only mirrors, will become primary. This means that changes should be pushed directly to GitHub rather than git.PHP »Developers who previously had access to write to the project repositories will now need to join the PHP community on GitHub

A security incident can be described as a rebound attack, in which malicious actors target an open source project, a library or other component on which a large user base depends. By hacking into a primary target, malicious code can spread to a large number of systems.

A recent example of this is the SolarWinds attack, where a supplier has been the victim of an intrusion and a malicious update of its Orion software. Once this malware is deployed, tens of thousands of organizations have been hacked, including Microsoft, FireEye and Mimecast .

Google BDD expert likes JIT translator Others question its value and say it can be difficult to do

matter:
Cyber ​​attack
Cybercriminality
Electronic security
PHP

By

Charlie Osborne

|
Monday 29 mars 2021

Get the best news from IT professionals delivered to your inbox every day

We are temporarily in maintenance mode, which means you will not be able to subscribe to a newsletter. Please try again in a few moments to resume the subscription process. Thank you for your patience.

Discover our file

We support small and medium-sized businesses in the development of their IT We share with you our customer stories, webinars and white papers
5 computer files to be discovered each month

Discover the next generation of storage units that deliver uptime, unmatched performance and agility
Register for the webinar

Telecommuting, infrastructure, tips and innovations
Discover our new section

Covid: How the “health certificate” “vaccination passport” non-mandatory by Thierry Britton will become mandatory

Copyright © 2021 ZDNET, A RED VENTURES COMPANY All rights reserved CUP Interactive SAS (France) All rights reserved | Confidentiality Cookies | Privacy management settings

PHP, Git, Programming language

News – FR – The official PHP Git server targeted by a computer attack
Associated title :
official PHP Git server targeted by computer attack
backdoor found in PHP's Git repository
Hacked PHP source code repository: sound alert for the language used by nearly 80% from all websites

Source: https://www.zdnet.fr/actualites/le-serveur-git-officiel-de-php-vise-par-une-attaque-informatique-39920209.htm

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here https://www.css-engineering.com/en/works/