This week in the Jet CSIRT news collection: Hacking the PHP GIT Repository, Exploring Windows Server Containers from Google Project Zero, and Refunds to Victims of the Ziggy Ransomware. Key information security news was collected for you by Dmitry Lifanov, leading analyst of the Jet CSIRT Information Security Monitoring and Incident Response Center, Jet Infosystems.
Read more under the cut.
Cybercriminals hacked the official PHP GIT repository
Attackers hacked the PHP repository and loaded a backdoor into it. With this backdoor, cybercriminals could remotely run malicious code on any web server running a newer version of PHP. The malicious change was made as a result of a hacked git.php.net server and disguised as fixing typos. The developers noticed the backdoor in time and eliminated it.
Google Project Zero team published a study of containers in Windows Server
Google Project Zero expert shared information about the problems solved in March 2021 in Windows Server containers. The problems allowed for four ways to escalate privileges.
Ransomware operator Ziggy will refund funds to its victims
Back in February 2021, the ransomware operator Ziggy announced the end of its activities. At the same time, the decryption keys were published. Now the owners of Ziggy are ready to return the funds that the victims transferred to them earlier as a ransom.