XZ Utils Archives

human, risk, error, open source security

XZ Utils-Like Takeover Attempt Targets the OpenJS Foundation

Jeffrey Burt | April 17, 2024 | Open Source Security, OpenJS Foundation, software supply chain security, XZ Utils

The OpenJS Foundation, which oversees multiple JavaScript projects, thwarted a takeover attempt of at least one project that has echoes of the dangerous backdoor found in versions of the XZ Utils data ...

Security Boulevard

Linux Backdoor Infection Scare, Massive Social Security Number Heist

In episode 325, Tom and Kevin discuss a significant backdoor threat that nearly compromised Linux systems globally, stemming from an infiltration into an open-source project called XZ Utils by attackers who gained ...

Shared Security Podcast

XZ-Utils Supply Chain Backdoor Vulnerability Updated Advisory (CVE-2024-3094)

NSFOCUS | April 7, 2024 | Blog, CVE-2024-3094;, DDoS Mitigation, XZ Utils

Vulnerability Overview Recently, NSFOCUS CERT detected that the security community disclosed a supply chain backdoor vulnerability in XZ-Utils (CVE-2024-3094), with a CVSS score of 10. Since the underlying layer of SSH relies ...

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.