Research Blaze.

PHP’s Git Server Hacked, An Attempt to Insert Secret Backdoor To Its Source Code Was Made

by MonkeyDLuffy
April 1, 2021

It hasn’t been long since the Microsoft Exchange Server attacks, and we have already witnessed another one.

This time, it’s the official Git server of the PHP programming language. In a supply chain attack, malicious updates were pushed that inserted a secret backdoor into the source code. Reportedly, the servers were compromised on 28th March. The malicious actor tried to push the backdoored code while disguised as a developer.

Details About The Attack

Two malicious commits entered the self-hosted “php-src” repository on the git.php.net server. The malicious actors illegitimately used the names of Rasmus Lerdorf, the author of the programming language, and Nikita Popov, a software developer at JetBrains.

“We don’t yet know how exactly this happened, but everything points toward a compromise of the git.php.net server (rather than a compromise of an individual git account),” Popov mentioned in a public notice.

The malicious changes appear to have come to public attention by Sunday night. They were discovered by developers including Markus Staab, Jake Birchall, and Michal Voříšek while they were analyzing a previously made commit on Saturday.

The update, which appears to ‘fix a typo’, was made under an account that was using Lerdorf’s name.

Not long after the first catch, Voříšek spotted the second malicious commit, which was made under Popov’s account name. It appears to revert the previous ‘typo fix’.

Git.php.net server will be discontinued

Before talking about the discontinuation of the server, it is important to mention some critical details regarding the attack.

Interestingly, the code in both commits referenced ‘Zerodium.’ Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research. In simple terms, it buys exploits from researchers and sells them to government agencies for use in investigations or other purposes. It is still unclear why Zerodium was referenced, although the matter is being investigated.

Zerodium was very quick to respond when it heard of the accusation. The company’s CEO, Chaouki Bekrar, tweeted, “Cheers to the troll who put ‘Zerodium’ in today’s PHP git compromised commits,” adding, “Obviously, we have nothing to do with this. Likely, the researcher(s) who found this bug/exploit tried to sell it to many entities but none wanted to buy this crap, so they burned it for fun.”

According to the team working on PHP, the git.php.net server has been discontinued, and the repositories on GitHub, which were previously only mirrors, will become canonical.

Now, instead of the previously followed norm, contributors will have to be part of the PHP organization on GitHub. Additionally, they’ll be using two-factor authentication for accounts with the ability to make commits.

According to current estimations, nearly 80 percent of the websites on the internet are run by PHP. So far, there are no reports of the malicious changes causing damage to their back ends.

HD Moore, CEO of Rumble, a network discovery platform, said that these changes were made by people to brag about their unauthorized access to the PHP Git server, as no serious damage was done.
