XZ Utils Supply Chain Attack (CVE-2024-3094)
April 3, 2024, 4:36 p.m. | FortiGuard Labs | FortiGuard Center - Threat Signal Report | fortiguard.fortinet.com
Malicious code was discovered embedded in XZ Utils, data compression software included in major Linux distributions. The vulnerability, tracked as CVE-2024-3094, results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced unexpected behavior, which led to further investigation and the discovery of the vulnerability.
What is the recommended mitigation?
CISA has advised XZ Utils users to downgrade …