A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

The Hacker News Daily Updates The Essentials of IT Security - 2021 Kit Download this kit to learn everything you need to know about IT Security. Download Now Sponsored LATEST NEWS Apr 30, 2021 Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks An "aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "improper SQL ... Read More Microsoft Finds 'BadAlloc' Flaws Affecting Wide-Range of IoT and OT Devices Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical ... Read More A New Slack channel for Cybersecurity Leaders Outside of the Fortune 2000 Perhaps due to the nature of the position, the InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, have so many constant drains on their attention – keeping their knowledge fresh, building plans to secure their ... Read More Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a ... Read More A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue ... Read More The Essentials of IT Security - 2021 Kit Download this kit to learn everything you need to know about IT Security. Download Now Sponsored This email was sent to myemailku.ghdbrevo2018@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India