TechLetters #21 - cyberattacks on software projects, on researchers, Real-Time Bidding sued
Security
PHP development hacked. The PHP development servers were compromised, and so was the PHP source code repository, where backdoor code was committed. "maintaining our own git infrastructure is an unnecessary security risk". Zerodium said it was not involved in any way - and in that case, the below would be an example of a black PR attempt to target an entity. Such situations happen.
How to implant backdoors in open source software?
NK continues to target security researchers. The campaign of cyberattacks targeting security researchers is ongoing: "we identified two accounts impersonating recruiters for antivirus and security companies". Be careful when opening attachments, or in fact when browsing the web (water holing).
Water sanitation facility breach. Another recent case of attempted tampering with a water sanitation system. “accessed the Ellsworth County Rural Water District’s protected computer system without authorization. During this unauthorized access, it is alleged Travnichek performed activities that shut down the processes at the facility which affect the facilities cleaning and disinfecting procedures with the intention of harming the Ellsworth Rural Water District No. 1,”. Apparently done by a former employee with access to the systems.
Privacy
RTB sued. The use of Real-Time Bidding technology is the subject of a lawsuit. About time. I researched and spoke on the issue of programmatic selling of user data ~7 years ago. Also here and here.
Mozilla furthering the phasing out of ambient light? Firefox will hide (behind a user-selected flag) the ability to use ambient light sensor events. I researched the privacy issues of light sensors: here, here, and here.