XZ Utils Supply Chain Attack (CVE-2024-3094)
April 3, 2024, 4:36 p.m. | FortiGuard Labs | FortiGuard Center - Threat Signal Report (fortiguard.fortinet.com)
Malicious code was discovered embedded in XZ Utils, data compression software included in major Linux distributions. The vulnerability, tracked as CVE-2024-3094, results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code after he experienced unexpected behavior, which led to further investigation and discovery of the vulnerability.
What is the recommended mitigation?
CISA has advised XZ Utils users to downgrade …