XZ - Backdoors and The Fragile Supply Chain - PSW #823

As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights.

* https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor
* https://gynvael.coldwind.pl/?id=782
* https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
* https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
* https://github.com/amlweems/xzbot
* https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/
* https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/
* https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504
* https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
* https://xeiaso.net/notes/2024/xz-vuln/
* https://infosec.exchange/@AndresFreundTec@mastodon.social
* https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file
* https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw-823

attack backdoors called compression down insights open source psw scary security security weekly software supply supply chain supply chain attack weekly