all InfoSec news
CVE Advisory: CVE-2024-3094 - Security Compromise in XZ Utils
Malware Analysis, News and Indicators - Latest topics malware.news
IntroductionOn March 29th, a security incident surfaced involving XZ Utils, a widely utilized data compression package integrated into major Linux distributions. Malicious code, allowing unauthorized remote SSH access, was discovered within versions 5.6.0 and 5.6.1 of XZ Utils. This exploit has been formally identified as CVE-2024-3094 and assigned a critical CVSS score of 10.
BackgroundXZ Utils fell victim to a sophisticated supply chain attack where attackers targeted the liblzma library, a crucial dependency utilized by OpenSSH. This attack allowed for …
access advisory code compression compromise critical cve cve-2024 cve-2024-3094 cvss data data compression distributions exploit incident linux linux distributions major malicious march package security security incident ssh unauthorized xz utils