all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

XZ Utils Supply Chain Attack (CVE-2024-3094)

Add to bookmarks
April 3, 2024, 4:36 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the vulnerability/attack?
A malicious code was discovered embedded in the XZ Utils, a data compression software included in major Linux distributions. This vulnerability tracked under CVE-2024-3094 results from a supply chain attack on versions 5.6.0 and 5.6.1 of the related tools and libraries. A security researcher found the malicious code when he experienced an unexpected behavior, leading to further investigation and discovery of the vulnerability.

What is the recommended Mitigation?


CISA has advised XZ Utils users to downgrade …

attack code compression cve cve-2024 cve-2024-3094 data data compression distributions embedded found libraries linux linux distributions major malicious researcher results security security researcher software supply supply chain supply chain attack tools under vulnerability what is xz utils

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 3 days, 14 hours ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 5 days, 15 hours ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 5 days, 16 hours ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 2 weeks ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 3 weeks, 5 days ago | fortiguard.fortinet.com
attack code compression cve +25
Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256) 1 month ago | fortiguard.fortinet.com
access attacker code code execution +25
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) 1 month ago | fortiguard.fortinet.com
access application application developers attackers +31
Kimsuky Malware Attack 1 month ago | fortiguard.fortinet.com
attack cyber entities espionage +15
JetBrains TeamCity Authentication Bypass Vulnerabilities (CVE-2024-27198, CVE-2024-27199) 1 month, 2 weeks ago | fortiguard.fortinet.com
attacker authentication authentication bypass bypass +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Senior Security Engineer

@ Core10 | Nashville, Tennessee, United States - Remote
View on infosec-jobs.com

Security Operations Engineer I

@ Jamf | US Remote
View on infosec-jobs.com

IT Security ISSO Specialist (15.10)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com

Compliance Officer

@ Aspire Software | Canada - Remote
View on infosec-jobs.com

Security Operations Center (SOC) - AVP

@ Paytm | Noida, Uttar Pradesh
View on infosec-jobs.com
View more jobs