March 15, 2023
2021 Global Cybersecurity Policy Challenges and Highlights

For many global policymakers, the transformative impact of the COVID-19 pandemic has reinforced the need to adopt new cybersecurity and privacy policies. Here’s a look at what we can expect in the year ahead.

The COVID-19 pandemic and resulting global economic downturn represent new challenges for government security leaders. Indeed, the massive shift to remote work for both the public and private sectors has forced businesses, governments and other organizations to adapt security practices, processes and policies to account for the significant range of new devices and assets which are now connected to enterprise networks. Both governments and enterprises have seen increases in COVID-19 related phishing and other cyberattacks against employees during the pandemic. Unpatched hardware, software and configuration vulnerabilities in home devices can now be exploited and leveraged to attack enterprise networks. 

For many global policymakers, the transformative impact of the pandemic has reinforced the need to adopt new cybersecurity and privacy policies, many of which were under consideration before the pandemic, in order to strengthen trust in the digital economy. These include efforts to promote data privacy and protection, raise baseline security standards of care, and implement cybersecurity certification regimes. 

At Tenable, we’ve identified the following global privacy and cybersecurity policy challenges and expected developments that cybersecurity professionals need to monitor in 2021: 

March 15, 2023
PHP’s Git Server Hacked to Insert Secret Backdoor to Its Source code

In yet another instance of a software supply chain attack, the official PHP GitHub repository was tampered with to insert unauthorized updates.

The two malicious commits were pushed to the “php-src” repository hosted on the git.php.net server, illicitly using the names of Rasmus Lerdorf, the author of the programming language, and Nikita Popov, a software developer at Jetbrains.

The changes are said to have been made yesterday on March 28.

“We don’t yet know how exactly this happened, but everything points towards a compromise of the git.php.net server (rather than a compromise of an individual git account,” Popov said in an announcement.

The changes, which were committed as “Fix Typo” in an attempt to slip through undetected as a typographical correction, involved provisions for the arbitrary execution of arbitrary PHP code. “This line executes PHP code from within the useragent HTTP header, if the string starts with ‘zerodium’,” PHP developer Jake Birchall said.

Besides reverting the changes, the maintainers of PHP are said to be reviewing the repositories for any corruption beyond the aforementioned two commits. Additionally, contributing to the PHP project will now require developers to be added as a part of the organization on GitHub.

It’s not immediately clear if the tampered codebase was downloaded and distributed by other parties before the changes were spotted and reversed.

We have reached out to the maintainers of PHP for more comments, and we will update the story if we hear back.

Found this article interesting? Follow THN on