all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

The xz/liblzma Compromise and Software Supply Chain Security

Add to bookmarks
April 2, 2024, 7:13 p.m. | Aaron Bray

Phylum blog.phylum.io

At the end of March 2024, a major software supply chain attack was identified: some upstream forks of the popular xz/liblzma library that underpins the massively popular OpenSSH Server was compromised. A rogue contributor appears to have worked to influence the maintainers of the library, adding in seemingly innocuous

attack compromise compromised end influence library maintainers major march openssh popular rogue security server software software supply chain software supply chain attack software supply chain security supply supply chain supply chain attack supply chain security upstream

Visit resource

More from blog.phylum.io / Phylum

Devious Python Build Requirements 2 days, 6 hours ago | blog.phylum.io
arbitrary code attackers build code +5
Python Package Installation Attacks 1 week ago | blog.phylum.io
attackers attacks back code +14
Python Trojan Functions and Imports 1 week ago | blog.phylum.io
calling code concept functions +10
Python Package Spoofing 1 week ago | blog.phylum.io
authors code developers foundation +18
Series: How Malicious Python Code Gains Execution 1 week ago | blog.phylum.io
attackers code dependencies developer +21
Nation-State Threat Actors Renew Publications to npm 1 week, 1 day ago | blog.phylum.io
apts attack back blog +18
Enterprise Strategy Group Report: The Growing Complexity of Securing the Software Supply Chain 2 weeks, 1 day ago | blog.phylum.io
america called complexity developer +21
Q1 2024 Evolution of Software Supply Chain Security Report 2 weeks, 2 days ago | blog.phylum.io
cve cves exploited in the wild +17
Rust crate shipping xz backdoor 2 weeks, 6 days ago | blog.phylum.io
attack backdoor compression engineer +11

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Security Engineer II- Full stack Java with React

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Cybersecurity SecOps

@ GFT Technologies | Mexico City, MX, 11850
View on infosec-jobs.com

Senior Information Security Advisor

@ Sun Life | Sun Life Toronto One York
View on infosec-jobs.com

Contract Special Security Officer (CSSO) - Top Secret Clearance

@ SpaceX | Hawthorne, CA
View on infosec-jobs.com

Early Career Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com
View more jobs