Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280 | allinfosecnews.com

April 9, 2024, 1:38 p.m. | Security Weekly

Security Weekly www.youtube.com

We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.

It's an exciting topic …

abuse backdoor code con connections engineering malicious package social social engineering ssh story supply supply chain xz utils

More from www.youtube.com / Security Weekly

Microsoft, North Korea, Santander, CISA, Deepfakes, Aaran Leyland & More - SWN #387 1 day, 9 hours ago | www.youtube.com

amp cisa deepfakes korea +7

Vulnrichment, Hardware Hacking, VPNs - PSW #829 2 days, 4 hours ago | www.youtube.com

computing connect exploitation exploiting +16

The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829 2 days, 4 hours ago | www.youtube.com

cryptocurrency good harm nicholas weaver +2

Post-RSAC, Our Heads Are Spinning, and Big News Keeps on Coming! - ESW #362 2 days, 5 hours ago | www.youtube.com

alto best of clear coming +15

Flexxon Server Defender, Unforeseen Innovation Outcomes, & Security through Data - Jee... - ESW #362 2 days, 5 hours ago | www.youtube.com

breach breaches continue cybersecurity +16

AI SOC Solutions, Revamp Your Cybersecurity, & Nightwing Introduction - Jon Check, Ric... - ESW … 2 days, 5 hours ago | www.youtube.com

alert alert triage artificial artificial intelligence +22

3000 Years Ago, Dell, Robocalls, PyPI, Cinterion, Cacti, Chat-GPT, Josh Marpet... - SWN #386 4 days, 9 hours ago | www.youtube.com

cacti chat cinterion dell +8

Inside the OWASP Top 10 for LLM Applications - Sandy Dunn - ASW #285 4 days, 11 hours ago | www.youtube.com

adoption applications apps cases +12

The Enterprise Browser & AI in Securing Software and Supply Chains - Mike Fey, Josh … 4 days, 11 hours ago | www.youtube.com

browser case case studies companies +16

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Sr. Staff Firmware Engineer – Networking & Firewall

@ Axiado | Bengaluru, India

View on infosec-jobs.com

Compliance Architect / Product Security Sr. Engineer/Expert (f/m/d)

@ SAP | Walldorf, DE, 69190

View on infosec-jobs.com

SAP Security Administrator

@ FARO Technologies | EMEA-Portugal

View on infosec-jobs.com