PHP language source code compromise attempt

Unknown attackers tried to add a backdoor to the PHP scripting language's source code.

Unknown attackers recently attempted to carry out a large-scale supply-chain attack by introducing malicious code to the official PHP Git repository. If the developers hadn’t noticed the backdoor in time, it could have ended up on many Web servers and led to the largest supply-chain attack in history.

What happened with PHP

The programmers who develop the PHP language make changes to the code using a common repository built on the Git version control system. After they implement their additions, the code goes through another review. During a routine check, a developer noticed a suspicious addition that was marked in the comments as a typo correction and added in the name of Nikita Popov, an active PHP developer. Closer examination revealed that it was a backdoor. Popov had authored no such change.

More verification showed that another, similar addition had been uploaded to the repository, this time attributed to Rasmus Lerdorf. Vigilant programmers noticed within hours, so the upcoming PHP 8.1 update (with an anticipated release by the end of the year) will not include the backdoor.

Why the code change was dangerous

A backdoor in the repository could allow attackers to remotely run malicious code on a Web server using the compromised version of PHP. Despite some loss of popularity, PHP remains the most widely used scripting language for Web content, in use by about 80% of Web servers. Although not all administrators update their tools promptly, a fair number keep their servers up to date to comply with internal or external security regulations. If the backdoor had made it into the new version of PHP, it would most likely have spread across the Web servers of many companies.

How the attackers introduced the backdoor

Experts are certain the attack was the result of a vulnerability in the internal Git server, not an issue of compromised developer accounts. In fact, the risk of someone attributing a change to another user has been known for a long time, and after this incident, the PHP support team stopped using the git.php.net server and moved to the GitHub service repository (which was previously just a mirror).

How to stay safe

Development environments are attractive targets for cybercriminals. Once they’ve compromised the code of a software product that customers trust, they can reach multiple targets at once through a supply-chain attack. Millions of users around the world use the most popular projects, so protecting them from outside machinations is especially important.
  • Regularly double-check every code change, even ones supposedly made by eminent and trustworthy programmers;
  • Monitor the security of servers and services used for development;
  • Use specialized online platforms to train employees to detect modern cyberthreats.
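
The attribution risk described above exists because Git stores the author name and e-mail as free text chosen by whoever creates the commit; only a cryptographic signature ties a commit to a person. The following Python sketch is an added example, not part of the original article or of PHP's own tooling: it parses `git log` output and lists commits that lack a good signature or whose author and committer differ. The format string, function names and sample records are assumptions made for this illustration, and the sample data is constructed.

```python
import subprocess

# One record per commit: hash, signature status (%G?), author and committer identity.
LOG_FORMAT = "%H%x1f%G?%x1f%an%x1f%ae%x1f%cn%x1f%ce"
SEP = "\x1f"

def read_log(repo, rev_range="HEAD"):
    """Return formatted log lines for rev_range in repo (needs git on PATH)."""
    cmd = ["git", "-C", repo, "log", f"--format={LOG_FORMAT}", rev_range]
    return subprocess.run(cmd, check=True, capture_output=True,
                          text=True).stdout.splitlines()

def audit(lines):
    """Return [(short_hash, claimed_author, reasons)] for commits to re-review."""
    findings = []
    for line in lines:
        sha, sig, a_name, a_mail, _c_name, c_mail = line.split(SEP)
        reasons = []
        # %G? values: "G" = good signature, "N" = no signature,
        # "B" = bad signature, "E" = signature could not be checked.
        if sig != "G":
            reasons.append(f"signature status {sig}")
        # Author and committer are both free text; a mismatch is only a prompt
        # for review (cherry-picks and applied patches differ legitimately).
        if a_mail.lower() != c_mail.lower():
            reasons.append(f"author {a_mail} != committer {c_mail}")
        if reasons:
            findings.append((sha[:12], a_name, reasons))
    return findings

def _rec(sha_char, sig, author, committer):
    """Build one constructed log line; identities are (name, mail) tuples."""
    return SEP.join([sha_char * 40, sig, *author, *committer])

# Constructed sample data: names, addresses and hashes are invented.
ALICE = ("Alice Example", "alice@example.org")
BOB = ("Bob Example", "bob@example.org")
SAMPLE = [
    _rec("1", "G", ALICE, ALICE),   # signed, consistent: passes
    _rec("2", "N", ALICE, ALICE),   # unsigned commit claiming to be Alice
    _rec("3", "G", BOB, ALICE),     # good signature, author differs from committer
    _rec("4", "B", ALICE, BOB),     # bad signature and mismatched identity
]

if __name__ == "__main__":
    for short, name, reasons in audit(SAMPLE):
        print(f"{short}  claimed author: {name}  ->  {'; '.join(reasons)}")
```

Against a real repository, pass the output of `read_log()` to `audit()`. `%G?` can only report `G` when the signer's public key is present and trusted in the keyring of the machine running `git log`.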