all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE Advisory: CVE-2024-3094 - Security Compromise in XZ Utils

Add to bookmarks
April 2, 2024, 4:45 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

IntroductionOn March 29th, a security incident surfaced involving XZ Utils, a widely utilized data compression package integrated into major Linux distributions. Malicious code, allowing unauthorized remote SSH access, was discovered within versions 5.6.0 and 5.6.1 of XZ Utils. This exploit has been formally identified as CVE-2024-3094 and assigned a critical CVSS score of 10.


BackgroundXZ Utils fell victim to a sophisticated supply chain attack where attackers targeted the liblzma library, a crucial dependency utilized by OpenSSH. This attack allowed for …

access advisory code compression compromise critical cve cve-2024 cve-2024-3094 cvss data data compression distributions exploit incident linux linux distributions major malicious march package security security incident ssh unauthorized xz utils

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Pay up, or else? – Week in security with Tony Anscombe 10 hours ago | malware.news
attack caught dilemma hard +10
Sintesi riepilogativa delle campagne malevole nella settimana del 27 Aprile – 3 Maggio 2024 12 hours ago | malware.news
cert con cui dei +2
Malware Simulators cannot test Antivirus Software 23 hours ago | malware.news
malware analysis topic
Ready2Run - Is dnSpy dead? 23 hours ago | malware.news
malware analysis topic
Security above all else—expanding Microsoft’s Secure Future Initiative 1 day, 2 hours ago | malware.news
cyberattacks cybersecurity future high +11
FBI warns of email spoofing by North Korean threat actor Kimsuky 1 day, 5 hours ago | malware.news
actor article dmarc domains +16
You get a passkey, you get a passkey, everyone should get a passkey 1 day, 9 hours ago | malware.news
accounts can consumer cracked +10
Attackers evade detection by leveraging Microsoft Graph API 1 day, 9 hours ago | malware.news
api article attackers cloud +15
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383 1 day, 10 hours ago | malware.news
article cisco credit credit monitoring +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Technical Senior Manager, SecOps | Remote US

@ Coalfire | United States
View on infosec-jobs.com

Global Cybersecurity Governance Analyst

@ UL Solutions | United States
View on infosec-jobs.com

Security Engineer II, AWS Offensive Security

@ Amazon.com | US, WA, Virtual Location - Washington
View on infosec-jobs.com

Senior Cyber Threat Intelligence Analyst

@ Sainsbury's | Coventry, West Midlands, United Kingdom
View on infosec-jobs.com

Embedded Global Intelligence and Threat Monitoring Analyst

@ Sibylline Ltd | Austin, Texas, United States
View on infosec-jobs.com

Senior Security Engineer

@ Curai Health | Remote
View on infosec-jobs.com
View more jobs