all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

XZ Utils, a Popular Linux Tool, Contains a New Backdoor

Add to bookmarks
April 9, 2024, 9:45 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

There’s a new Linux backdoor with a 10.0 CVSS score, and it shows that sometimes an attack can come from unexpected sources, especially if your environment heavily relies on open-source software. The recently discovered supply chain exploit affects XZ Utils, a popular open-source tool, and is currently tracked as CVE-2024-3094. It has received the highest CVSS score: 10.0. 


What happened? 


An attacker introduced malicious code into XZ Utils release versions 5.6.0 and 5.6.1. To achieve this, the actor became …

attack backdoor can cve cve-2024 cve-2024-3094 cvss cvss score environment exploit linux open-source software popular score software supply supply chain tool xz utils

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

ISC Stormcast For Monday, May 6th, 2024 https://isc.sans.edu/podcastdetail/8968, (Mon, May 6th) 2 hours ago | malware.news
topic
Just Launched: Checkmarx AI Security 7 hours ago | malware.news
address ai security appsec area +12
Introducing Real Time IDE Scanning – More Secure Code in Real Time 7 hours ago | malware.news
address code development development teams +14
Introducing AI Security Champion with Auto-remediation for SAST 7 hours ago | malware.news
ai security application applications application security +16
How to Incorporate SAST, DAST, and SCA into the SDLC 19 hours ago | malware.news
application application security application security testing application security testing tools +12
Nslookup's Debug Options, (Sun, May 5th) 21 hours ago | malware.news
debug dns machine may +4
Pay up, or else? – Week in security with Tony Anscombe 1 day, 9 hours ago | malware.news
attack caught dilemma hard +10
Sintesi riepilogativa delle campagne malevole nella settimana del 27 Aprile – 3 Maggio 2024 1 day, 11 hours ago | malware.news
cert con cui dei +2
Malware Simulators cannot test Antivirus Software 1 day, 22 hours ago | malware.news
malware analysis topic

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com
View more jobs