XZ - Backdoors and The Fragile Supply Chain - PSW #823
4/4/2024
As most of you have probably heard, there was a scary supply chain attack against the open source compression software called "xz". The Security Weekly hosts will break down all the details and provide valuable insights.
- https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor
- https://gynvael.coldwind.pl/?id=782
- https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
- https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
- https://github.com/amlweems/xzbot
- https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/
- https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/
- https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504
- https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
- https://xeiaso.net/notes/2024/xz-vuln/
- https://infosec.exchange/@[email protected]
- https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file
- https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd
pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-823