![]() Twitter user suggested that the mention could be a joke, tweeting: “What’s your guess regarding the “Zerodium” reference? Just a joke? Or maybe talking about the root bug that lead to the repo compromise?” This has sparked conversation online as the cybersecurity community scrambles to determine who is behind the attack. The malicious code includes reference to ‘Zerodium’, a US company known for buying zero-day exploits. Maintainers are now reviewing the repositories for any signs of further compromise. This means that changes should be pushed directly to GitHub rather than to. The team behind PHP has discontinued the server and the repositories on GitHub, which were previously only mirrors, will become canonical, they said. ![]() Maintainer Nikita Popov wrote in a statement that they believe attackers found a way in through compromise of the server rather than any individual account. Read more of the latest news about remote code executionĭigging deeper, the code actually planted a backdoor that opened the door for the remote takeover of any website that uses PHP. However, it is known that the malicious actor pushed the changes under an upstream named ‘fix typo’, apparently trying to cover their tracks by claiming they were making minor changes to the code. It is so far unknown who the perpetrator was or how they were able to publish the commits, since they were uploaded under legitimate maintainers’ names. This includes all WordPress sites, which are built on PHP. PHP is thought to underpin almost 80% of websites, according to a study by Web Technology Surveys. ![]() The malicious attacker pushed two commits to the php-src repo for the popular scripting language that contained a backdoor allowing for remote code execution (RCE), maintainers revealed. Scripting language falls victim to cyber-attackĪn unknown actor compromised the official PHP Git repository last night (March 28), pushing backdoored code under the guise of a minor edit.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |