all InfoSec news
The XZ Backdoor issue triggered by one untrusted maintainer
April 16, 2024, 10:36 a.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
Author: Minyeop Choi, Hosu Choi, Sojun Ryu | S2W TALON
Last modified: Apr 16, 2024Photo by Gabriel Heinzer on UnsplashExecutive Summary
- 2024년 3월 29일, Unix 계열 및 Windows 운영체제에서 사용되는 오픈소스 압축 유틸리티인 XZ Utils을 대상으로 하는 공급망 공격이 발생하였으며, 5.6.0–5.6.1 버전의 업스트림 채널에 백도어가 포함되어 유포된 정황이 확인됨.
— XZ Utils 레포지토리: https[:]//github[.]com/tukaani-project/xz
— 미러링된 개발자 웹사이트: https[:]//git.tukaani[.]org/?p=xz.git
— 업스트림: 프로젝트의 오픈소스 코드에 직접 Contribution 하는 것 - 악성코드가 포함된 버전을 릴리즈한 JiaT75 유저는 …
article backdoor blog issue link maintainer malware analysis medium s2w topic untrusted xz backdoor
More from malware.news / Malware Analysis, News and Indicators - Latest topics
What the Biggest-Ever Botnet Takedown Means
1 day, 10 hours ago |
malware.news
Nearly 6M WordPress sites may be affected by bugs in 3 plug-ins
1 day, 12 hours ago |
malware.news
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Security Compliance Strategist
@ Grab | Petaling Jaya, Malaysia
Cloud Security Architect, Lead
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)