Urgent Alert: Supply Chain Attack Targets XZ Utils with Hidden Backdoor

March 31, 2024
Urgent Alert: Supply Chain Attack Targets XZ Utils with Hidden Backdoor
Tech
Tech
Cybersecurity
Cybersecurity

  • RedHat has issued an urgent security alert for a supply chain attack on XZ Utils, affecting versions 5.6.0 and 5.6.1.

  • Security expert Andres Freund discovered a backdoor in the library, which was hidden in obfuscated code and could execute malicious code using an RSA key.

  • An individual named 'Jia Tan' took control of the xz project, resulting in the adoption of compromised xz packages by Linux distributions and Homebrew.

  • The incident spotlights the vulnerability of small, critical open-source software libraries due to inadequate maintenance and community support.

  • CISA has released an alert, and xz project leader Lasse Collin is working to secure the project, while authorities investigate the attack.

Summary based on 6 sources

Get a daily email with more Tech stories

Sources

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

The Hacker News • Mar 30, 2024

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
Technologist vs spy: the xz backdoor debate

lcamtuf’s thing • Mar 30, 2024

Technologist vs spy: the xz backdoor debate
The Xz Backdoor Highlights the Vulnerability of Open Source Software—and Its Strengths

404 Media • Mar 30, 2024

The Xz Backdoor Highlights the Vulnerability of Open Source Software—and Its Strengths
xz/liblzma: Bash-stage Obfuscation Explained

gynvael.coldwind//vx.log • Mar 30, 2024

xz/liblzma: Bash-stage Obfuscation Explained

More Stories