Security daily (29-03-2021)

Hackers try to bug PHP programming language in supply chain cautionary tale

Unidentified hackers have tried to plant malicious code in PHP, a programming language used in an estimated 79% of websites. The developers who maintain PHP said Sunday that the attackers likely broke in through a PHP server, and made two “commits,” or attempted changes to the PHP source code. It’s but one example of the supply-chain vulnerabilities inherent in the basic building blocks of popular websites. “While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server,” Nikita Popov, a software developer who helps maintain PHP, said in a statement. Popov said PHP would move its code repositories to GitHub, an open-source platform for software developers. Popov did not immediately respond to a request for comment, but told Bleeping Computer that PHP’s maintainers had caught the malicious code before it was introduced publicly […] (CyberScoop)

Australia investigates reported hacks aimed at parliament, media

Australian officials are investigating two apparent security issues that have resulted in downtime for a parliamentary email system, and technical issues for a popular television broadcaster. An apparent cyber incident knocked Australia’s Parliament House’s email system offline just as Australia’s Channel Nine broadcasting was interrupted by hackers over the weekend. The suspected attack on Parliament has reportedly left MPs and senators without email access, while the incident affecting Channel Nine has primarily interrupted the broadcasting and corporate business departments, leaving the network unable to air its Weekend Today show on Sunday, the network said. Local media outlets reported that the incident was the largest cyberattack to ever affect an Australian media company. The publishing and radio departments appeared to continue functioning without issue. Meanwhile, smartphones and tablets at Department of Parliamentary Services were malfunctioning as a result of an attack there, DPS said in a statement. It was not immediately […] (CyberScoop)

Naked Security Live – Lessons beyond ransomware

Cybercrime isn't about just one sort of attack, one type of crook, or one method of protection! (Naked Security)

Suspected Russian Hackers Gained Access To US Homeland Security Emails

(News ≈ Packet Storm)

Channel Nine Cyber-Attack Disrupts Live Broadcasts In Australia

(News ≈ Packet Storm)

US Charges Close To 500 Individuals For COVID-19 Fraud, Criminal Activity

(News ≈ Packet Storm)

PHP Repository Exploited by Hackers

The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully, both attempts were quickly detected and removed by the PHP team. Per a statement released in PHP’s internal mailing list, the current investigation believes the git.php.net server itself has been compromised rather than the individual’s account. Everything points towards a compromise of the git.php.net server. (Sucuri Blog)

Flaws in Ovarro TBox RTUs Could Open Industrial Systems to Remote Attacks

As many as five vulnerabilities have been uncovered in Ovarro's TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. "Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition," the U.S. (The Hacker News)

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS (The Hacker News)

How to Effectively Prevent Email Spoofing Attacks in 2021?

Email spoofing is a growing problem for an organization's security. Spoofing occurs when a hacker sends an email that appears to have been sent from a trusted source/domain. Email spoofing is not a new concept. Defined as "the forgery of an email address header to make the message appear as if it was sent from a person or location other than the actual sender," it has plagued brands for decades. (The Hacker News)

PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src" repository hosted on the git.php.net server, illicitly using the names of Rasmus Lerdorf, the author of the (The Hacker News)

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were (The Hacker News)

Pair of Apex Legends Players Banned for DDoS Server Attacks

Predator-ranked players on Xbox console game version rigged matches with DDoS attacks. (Threatpost)

Hades Ransomware Gang Exhibits Connections to Hafnium

There could be more than immediately meets the eye with this targeted attack group. (Threatpost)

PHP Infiltrated with Backdoor Malware

The server for the web-application scripting language was compromised on Sunday. (Threatpost)


/security-daily/ 30-03-2021 23:44:23