all InfoSec news
The XZ Backdoor issue triggered by one untrusted maintainer
April 16, 2024, 10:36 a.m. | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
Author: Minyeop Choi, Hosu Choi, Sojun Ryu | S2W TALON
Last modified: Apr 16, 2024Photo by Gabriel Heinzer on UnsplashExecutive Summary
- 2024년 3월 29일, Unix 계열 및 Windows 운영체제에서 사용되는 오픈소스 압축 유틸리티인 XZ Utils을 대상으로 하는 공급망 공격이 발생하였으며, 5.6.0–5.6.1 버전의 업스트림 채널에 백도어가 포함되어 유포된 정황이 확인됨.
— XZ Utils 레포지토리: https[:]//github[.]com/tukaani-project/xz
— 미러링된 개발자 웹사이트: https[:]//git.tukaani[.]org/?p=xz.git
— 업스트림: 프로젝트의 오픈소스 코드에 직접 Contribution 하는 것 - 악성코드가 포함된 버전을 릴리즈한 JiaT75 유저는 …
article backdoor blog issue link maintainer malware analysis medium s2w topic untrusted xz backdoor
More from malware.news / Malware Analysis, News and Indicators - Latest topics
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Associate Manager, BPT Infrastructure & Ops (Security Engineer)
@ SC Johnson | PHL - Makati
Cybersecurity Analyst - Project Bound
@ NextEra Energy | Jupiter, FL, US, 33478
Lead Cyber Security Operations Center (SOC) Analyst
@ State Street | Quincy, Massachusetts
Junior Information Security Coordinator (Internship)
@ Garrison Technology | London, Waterloo, England, United Kingdom
Sr. Security Engineer
@ ScienceLogic | Reston, VA