xz Utils Backdoor | allinfosecnews.com

April 2, 2024, 6:50 p.m. | Bruce Schneier

Security Boulevard securityboulevard.com

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica:

Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions. The backdoor manipulated sshd, the executable file used to make remote SSH connections. Anyone in possession of a predetermined encryption …

application security backdoor backdoors code compression cybersecurity debian devops engineer hacking linux malicious malware microsoft open source red hat social engineering utility week world xz utils

More from securityboulevard.com / Security Boulevard

USENIX Security ’23 – Controlled Data Races In Enclaves: Attacks And Detection 12 hours ago | securityboulevard.com

access attacks authors channel +16

What is Secure Code Review and How to Conduct it? 20 hours ago | securityboulevard.com

application assurance automated cloud security +19

Why Bot Management Should Be a Crucial Element of Your Marketing Strategy 1 day, 4 hours ago | securityboulevard.com

address advanced bot protection analytics application security +15

Cloud Monitor Identifies and Remediates Problematic VPN Use in K-12 Districts 1 day, 5 hours ago | securityboulevard.com

chief cloud cybersecurity director +24

Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds 1 day, 7 hours ago | securityboulevard.com

blockchain cryptocurrency crypto scam cyberlaw +24

Votiro Keeps Up the Momentum in 2024 1 day, 7 hours ago | securityboulevard.com

blog momentum security security boulevard +1

Novel Threat Tactics, Notable Vulnerabilities, and Current Trends for April 2024 1 day, 8 hours ago | securityboulevard.com

april blog posts center clients +32

USENIX Security ’23 – AEX-Notify: Thwarting Precise Single-Stepping Attacks Through Interrupt Awareness For Intel SGX … 1 day, 8 hours ago | securityboulevard.com

access attacks authors awareness +15

North Korea IT Worker Scam Brings Malware and Funds Nukes 1 day, 9 hours ago | securityboulevard.com

analytics & intelligence api security appsec careers +60

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Consultant Sécurité SI Gouvernance - Risques - Conformité H/F - Strasbourg

@ Hifield | Strasbourg, France

View on infosec-jobs.com

Lead Security Specialist

@ KBR, Inc. | USA, Dallas, 8121 Lemmon Ave, Suite 550, Texas

View on infosec-jobs.com

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France

View on infosec-jobs.com