all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

xz Utils Backdoor

Add to bookmarks
April 2, 2024, 6:50 p.m. | Bruce Schneier

Security Boulevard securityboulevard.com

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica:



Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions. The backdoor manipulated sshd, the executable file used to make remote SSH connections. Anyone in possession of a predetermined encryption …

application security backdoor backdoors code compression cybersecurity debian devops engineer hacking linux malicious malware microsoft open source red hat social engineering utility week world xz utils

Visit resource

More from securityboulevard.com / Security Boulevard

USENIX Security ’23 – A Bug’s Life: Analyzing the Lifecycle and Mitigation Process of Content … 8 hours ago | securityboulevard.com
access authors award bug +23
GenAI Continues to Dominate CIO and CISO Conversations 13 hours ago | securityboulevard.com
bad cio ciso ciso conversations +17
RSAC 2024 Innovation Sandbox | Reality Defender: Deepfake Detection Platform 22 hours ago | securityboulevard.com
benchmark blog conference cybersecurity +20
USENIX Security ’23 – Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs 1 day, 8 hours ago | securityboulevard.com
access authors bing bugs +16
The Escalating Threat of Exposed Credentials 1 day, 8 hours ago | securityboulevard.com
authentication blog careers clear +16
RSAC 2024 Innovation Sandbox | Dropzone AI: Automated Investigation and Security Operations 1 day, 21 hours ago | securityboulevard.com
automated benchmark blog conference +20
The Real Risk is Not Knowing Your Real Risk: Perspectives from Asia Pacific Tour with … 1 day, 22 hours ago | securityboulevard.com
asia asia pacific balbix customer +15
DD2345 Military Critical Technical Data Agreement and CMMC 1 day, 23 hours ago | securityboulevard.com
agreement business can cmmc +9
Airsoft Data Breach Exposes Data of 75,000 Players 2 days ago | securityboulevard.com
airsoft attack surface authentication breach +31

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens
View on infosec-jobs.com
View more jobs