In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if these were made by known PHP developers and maintainers, Rasmus Lerdorf and… Read more »
Posts By: National CSIRT-CY
DDoS-for-hire services are now actively abusing misconfigured or out-of-date Datagram Transport Layer Security (D/TLS) servers to amplify Distributed Denial of Service (DDoS) attacks. DTLS is a UDP-based version of the Transport Layer Security (TLS) protocol that prevents eavesdropping and tampering in delay-sensitive apps and services.
Energy giant Shell has disclosed a data breach after attackers compromised the company’s secure file-sharing system powered by Accellion’s File Transfer Appliance (FTA). Shell (short for Royal Dutch Shell plc) is a multinational group of petrochemical and energy companies with more than 86,000 employees in over 70 countries. It is also the fifth-largest company in the works… Read more »
Yesterday, a researcher disclosed a method of hiding up to three MB of data inside a Twitter image. In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter. Although the art of hiding non-image data in images (steganography) isn’t novel, the fact that the images can be hosted on a… Read more »
In a major unprecedented incident, data centers of OVH located in Strasbourg, France have been destroyed by fire. OVH is the largest hosting provider in Europe and the third-largest in the world. The cloud computing company provides VPS, dedicated servers, and other web services. Customers are being advised by the company to enact their disaster recovery plans after the… Read more »