As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights.
- https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor
- https://gynvael.coldwind.pl/?id=782
- https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
- https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
- https://github.com/amlweems/xzbot
- https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/
- https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/
- https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504
- https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
- https://xeiaso.net/notes/2024/xz-vuln/
- https://infosec.exchange/@[email protected]
- https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file
- https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd
pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-823
Fler avsnitt av Security Weekly Podcast Network (Audio)
Visa alla avsnitt av Security Weekly Podcast Network (Audio)Security Weekly Podcast Network (Audio) med Security Weekly Productions finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.