PHP’s Git server hacked to add backdoors to PHP source code
Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server.
The threat actors had signed off on these commits as if these were made by known PHP developers and maintainers, Rasmus Lerdorf and Nikita Popov.
RCE backdoor planted on PHP Git server
In an attempt to compromise the PHP code base, two malicious commits were pushed to the official PHP Git repository yesterday.
The incident is alarming considering that PHP remains the server-side programming language powering over 79% of the websites on the Internet.
Notorious Maza cybercrime forum attacked by other hackers
The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums.
Maza, aka Mazafuka, is one of the oldest cybercrime forums where the rest of the community must vote on aspiring members before they are granted access. “Maza is considered to be one of the oldest and elite crime communities with one of the highest barriers of entry for hackers since the days of DirectConnection forum (home of the Dridex operators),” cybersecurity intelligence firm Advanced Intel’s Vitali Kremez told BleepingComputer.
Ransomware gang leaks data from Stanford, Maryland universities
Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group.
The threat actors obtained the documents after hacking the universities’ Accellion File Transfer Appliance (FTA) software used to share and store sensitive information.
Data stolen in the attack targeting Stanford Medicine’s Accellion server includes names, addresses, email addresses, Social Security numbers, and financial information, reported the Stanford Daily. “We discovered the breach earlier this week when the hackers posted evidence that they had accessed a limited number of files in our system containing some personally identifiable information,” UMB also told DataBreaches.net.
An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs).
iTWire, Thursday, 01 April 2021 11:55: NZ Commerce Commission completes consumer mobile phone bills review
New Zealand’s competition enforcement agency, The Commerce Commission, has completed its review of consumer mobile phone bills following feedback from the telecommunications industry on their plans for providing customers with more “meaningful product and service comparisons” and to guard against overspending.
Completion of the review comes after the Commission published an open letter in September 2020, asking telcos Spark, Vodafone and 2degrees to share their customer service plans. This was accompanied by a report from Schiff Consulting, aspects of which were later contested by the industry.
The