News for Admins

Tech News

Code Execution Flaws in PHP

The PHP community has released updates to PHP in order to patch multiple vulnerabilities in one of the most popular programming languages.

According to the Hacker News, "The vulnerabilities could leave hundreds of thousands of web applications that rely on PHP open to code execution attacks, including websites powered by some popular content management systems such as WordPress, Drupal, and TYPO3" (https://thehackernews.com/2019/09/php-programming-language.html).

Out of all these vulnerabilities, the most critical one was found in the Oniguruma library that comes bundled with PHP.

Red Hat released an advisory stating that the vulnerability "allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing crafted regular expressions" (https://access.redhat.com/security/cve/cve-2019-13224).

If your projects use PHP, please update immediately.

ESET Finds Malware That Targets Political Activists

Researchers at ESET have discovered an unreported malware dubbed Win32/StealthFalcon that exploits the Windows component Background Intelligent Transfer Service (BITS, https://www.zdnet.com/article/newly-discovered-cyber-espionage-malware-abuses-windows-bits-service/).

BITS is used by software updaters, messengers, and other services and applications that need to transfer a large amount of data without chomping on network bandwidth, like when a user is not using the machine.

According to ESET Research,

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

Print Issues

Digital Issues

 

SUBSCRIPTIONS

Print Subs

Digisubs

 

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia