Search cyberveille.decio.ch

Found 6 bookmarks

Newest

XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor

On March 29, right before Easter weekend, we received notifications about something unusual happening with the open-source project XZ Utils, which provides lossless data compression on virtually all Unix-like operating systems, including Linux. The initial warning was sent to the Open Source Security mailing list sent by Andres Freund, who discovered that XZ Utils versions 5.6.0 and 5.6.1 are impacted by a backdoor. A few hours later, the US government’s CISA and OpenSSF warned about a critical problem: an installed XZ backdoored version could lead to unauthorized remote access.

#binarly #EN #2024 #XZ #Supply-chain-attack #CVE-2024-3094 #Scanner

·binarly.io·Apr 3, 2024

XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor

GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot

#amlweems #EN #2024 #CVE-2024-3094 #xz #backdoor #honeypot #analysis

·github.com·Apr 1, 2024

GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

What we know about the xz Utils backdoor that almost infected the world

Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.

#arstechnica #EN #2024 #xz #Supply-chain-attack #backdoor #CVE-2024-3094

·arstechnica.com·Apr 1, 2024

What we know about the xz Utils backdoor that almost infected the world

Check if you're vulnerable to CVE-2024-3094

CVE-2024-3094 is the new hot one and it’s extremely critical; however, impact should be limited as most normal linux distros are unaffected. Here’s some stuff to know:

#latio.tech #EN #2024 #CVE-2024-3094 #check #linux #xz #vulnerability-check

·latio.tech·Apr 1, 2024

Check if you're vulnerable to CVE-2024-3094

xz-utils backdoor situation

This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless. Unknown unknowns are safer than known unknowns. This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't know much about what's going on.

#thesamesam #xz #CVE-2024-3094 #backdoor #FAQ

·gist.github.com·Apr 1, 2024

xz-utils backdoor situation

xz/liblzma: Bash-stage Obfuscation Explained - gynvael.coldwind//vx.log

esterday Andres Freund emailed oss-security@ informing the community of the discovery of a backdoor in xz/liblzma, which affected OpenSSH server (huge respect for noticing and investigating this). Andres' email is an amazing summary of the whole drama, so I'll skip that. While admittedly most juicy and interesting part is the obfuscated binary with the backdoor, the part that caught my attention – and what this blogpost is about – is the initial part in bash and the simple-but-clever obfuscation methods used there. Note that this isn't a full description of what the bash stages do, but rather a write down of how each stage is obfuscated and extracted.

#gynvael #EN #xz #liblzma #analysis #CVE-2024-3094

·gynvael.coldwind.pl·Apr 1, 2024

xz/liblzma: Bash-stage Obfuscation Explained - gynvael.coldwind//vx.log