The Cyber Express
Critical XZ Utils Backdoor (CVE-2024-3094) Leads to SSH Compromise
A critical vulnerability has been discovered within the XZ Utils library (a command line tool for compressing and decompressing XZ
SecurityWeek
XZ Utils Backdoor Attack Brings Another Similar Incident to Light
The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago.
SecurityWeek
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor
Major Linux distributions have been impacted by a supply chain attack involving backdoored versions of the XZ Utils data compression library.
The Hacker News
Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
Malicious "test files" linked to the XZ Utils backdoor found in popular Rust crate liblzma-sys, downloaded over 21,000 times.
The Hacker News
Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros
Secret backdoor found in XZ Utils compression library used by major Linux distros, like Fedora, Kali Linux, and openSUSE.
HACKRead
Backdoor Discovered in XZ Utils: Patch Your Systems Now (CVE-2024-3094)
A vulnerability, CVE-2024-3094, was discovered in XZ Utils package. This vulnerability threatens Linux systems with backdoor attacks.
The Hacker News
Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution
Popular Linux compression tool XZ Utils found with backdoor. Threat actors can remotely execute code on your machine, bypassing authentication.
Cyber Security News
xz-utils Backdoor Found in Kali Linux Installations - Check for Malware Infection
A backdoor was recently discovered in the xz-utils package versions 5.6.0 to 5.6.1, shocking the Linux community. This poses a significant threat to the security of Linux distributions, including Kali Linux.
DarkReading
Are You Affected by the Backdoor in XZ Utils?
In this Tech Tip, we outline how to check if a system is impacted by the newly discovered backdoor in the open source xz compression utility.
Security Affairs
Expert found a backdoor in XZ tools used many Linux distributions
Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions.
DarkReading
Attacker Social-Engineered Backdoor Code Into XZ Utils
Unlike the SolarWinds and CodeCov incidents, all that it took for an adversary to nearly pull off a massive supply chain attack was some slick social engineering and a string of pressure emails.
Bleeping Computer
New XZ backdoor scanner detects implant in any Linux binary
Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094.
DarkReading
XZ Utils Backdoor Implanted in Intricate Supply Chain Attack
Had a researcher not spotted the malware when he did, the outcome could have been much worse.
DarkReading
XZ Utils Scare Exposes Hard Truths in Software Security
Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.
Infosecurity News
Open Source Leaders Warn of XZ Utils-Like Takeover Attempts
Two open source organizations have revealed attempts to socially engineer project takeovers
CyberSecurity Dive
Motivations behind XZ Utils backdoor may extend beyond rogue maintainer
Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.
CyberSecurity Dive
CISA to big tech: After XZ Utils, open source needs your support
The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.
Ars Technica
What we know about the xz Utils backdoor that almost infected the world
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.
The Record
Researchers stop ‘credible takeover attempt’ similar to XZ Utils backdoor incident
The thwarted social engineering attempts highlight the urgent need to address weaknesses in the management of open source software.
CyberSecurity Dive
Open source threat intel platform launched weeks after malicious backdoor targeted XZ Utils
OSSF developed warning system to protect open source maintainers, developers from social engineering, active exploits.
Cyber Security News
Social Engineering Paves the Way for the XZ Cyber Incident
The XZ cyber incident is a textbook example of how sophisticated social engineering tactics can lead to significant security breaches.
Ars Technica
Backdoor found in widely used Linux utility breaks encrypted SSH connections
Malicious code planted in xz Utils has been circulating for more than a month.
The Hacker News
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
Security researchers uncover a "credible" takeover attempt on the OpenJS Foundation, mirroring a recent incident with XZ Utils.
Bleeping Computer
Red Hat warns of backdoor in XZ tools used by most Linux distros
Today, Red Hat warned users to immediately stop using systems running Fedora development versions because of a backdoor found in the latest XZ data compression tools and libraries.
The Record
Malicious backdoor code embedded in popular Linux tool, CISA and Red Hat warn
The malicious code affects XZ Utils, a tool that helps compress large file formats which is present in nearly every Linux distribution.
CyberScoop
Supply chain attack sends shockwaves through open-source community
An operation to undermine the software utility XZ Utils has exposed the fragile human foundations on which the modern internet is built.
CyberSecurity Dive
Fears rise of social engineering campaign as open source community spots another threat
Federal officials are said to be investigating potential links between the recent XZ Utils campaign and new threat activity against JavaScript project maintainers.
Infosecurity News
Trusted Contributor Plants Backdoor in Critical Open-Source Library
A backdoor in XZ Utils, a widely used file-compressing software in Linux systems, could have led to a critical supply chain attack had a Microsoft researcher not spotted it in time
SecurityWeek
In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack
OpenSSF and OpenJS incidents similar to XZ backdoor, Moldovan botnet operator charged, US automotive company targeted by FIN7.
.webp)
Cyber Security News
Hackers Attempted To Takeover JavaScript Project From OpenJS Foundation
Attackers tried to take over the JavaScript project from OpenJS Foundation, which is home to JavaScript projects utilized by billions of
HACKRead
New Vulnerability "LeakyCLI" Leaks AWS and Google Cloud Credentials
A new vulnerability dubbed 'LeakyCLI' leaks cloud credentials, especially impacting popular services like AWS and Google Cloud.
CyberSecurity Dive
Red Hat warns of backoor in widely used Linux utility
With a CVSS of 10, CISA urged users and developers to downgrade to an uncompromised version, search for any malicious activity and report findings back to the agency.
HACKRead
OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects
The OpenSSF issued alerts for social engineering takeovers of open-source projects after hackers tried to gain control of an OpenJS-hosted project.
DarkReading
CISO Corner: AI Supply Chain; AI Security Platforms; Cyber Awareness
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: facing hard truths in software security, and the latest guidance from NSA.
SecurityWeek
Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems
A critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system.
Security Affairs
Security Affairs newsletter Round 466 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
SecurityWeek
In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO
Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.
SecurityWeek
'WallEscape' Linux Vulnerability Leaks User Passwords
Vulnerability (CVE-2024-28085) in core Linux system utilities package util-linux allows attackers to leak user passwords using fake prompts.
The Hacker News
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
Researchers found a malicious Python package called requests-darwin-lite hiding a sneaky malware.
SecurityWeek
CISA Warns of Exploited Linux Kernel Vulnerability
CISA instructs federal agencies to mitigate CVE-2024-1086, a Linux kernel flaw leading to privilege escalation.
The Record
Cisco: Hacker breached multifactor authentication message provider on April 1
Cisco said the breach occurred in the system of a telephony supplier that its Duo unit uses to send MFA messages.
SecurityWeek
JAVS Courtroom Audio-Visual Software Installer Serves Backdoor
Backdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover.
The Hacker News
Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years
Millions of malicious "imageless" containers have been planted on Docker Hub over the past 5 years in multiple cybercriminal campaigns.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
In order to enhance your security posture and defenses, it is essential that you have up-to-date knowledge on two key things like emerging cyber risks and attack vectors.
%20--%20Supply%20Chain%20Backdoor%20(1).webp)
Cyber Security News
Urgent Security Alert! Upstream Supply Chain Attack Lead to SSH Compromise
Fedora Linux 40 beta users have been urged to take immediate action after an Upstream supply chain attack that has compromised SSH protocol.
SC Magazine
Backdoor in utility commonly used by Linux distros risks SSH compromise
The critical supply chain threat affects beta releases of Red Hat Fedora, Debian and more.
Security Affairs
Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor
Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor
SecurityWeek
Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform
With $10 million in funding, cybersecurity startup Simbian is building a fully autonomous security platform using AI.
The Hacker News
North Korean Hackers Targeting Developers with Malicious npm Packages
Fake npm packages linked to North Korea threaten software supply chain. Read on for details and protection tips.
Bleeping Computer
Yes, there's an npm package called @(-.-)/env and some others like it
Strangely named npm packages like -, @!-!/-, @(-.-)/env, and --hepl continue to exist on the internet's largest software registry. While not all of these may necessarily pose an obvious security risk, some were named before npm enforced naming guidelines and could potentially break tooling.
DarkReading
10 Malicious Code Packages Slither into PyPI Registry
The discovery adds to the growing list of recent incidents where threat actors have used public code repositories to distribute malware in software supply chain attacks.
Bleeping Computer
The Biggest Takeaways from Recent Malware Attacks
Recent high-profile malware attacks teach us lessons on limiting malware risks at organizations. Learn more from Blink Ops about what these attacks taught us.
The Hacker News
Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
Over 30 malicious npm packages discovered in the wild. They're after your sensitive data - SSH keys, Kubernetes configs, and more.
The Hacker News
48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems
48 malicious npm packages discovered. They can secretly compromise your system with a reverse shell.
Infosecurity News
New Malicious Python Libraries Found on PyPI Repository
Some of these packages were capable of stealing user credentials and environment variables
The Hacker News
10 Credential Stealing Python Libraries Found on PyPI Repository
Researchers have discovered 10 new malicious Python packages distributed via the Python Package Index (PyPI) to harvest critical data points.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
Security Affairs
Experts found 10 malicious packages on PyPI used to steal developers’ data
10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers have discovered ten malicious packages on the Python Package Index (PyPI). The packages install info-stealers that allow threat actors to steal the private data and personal credentials of the developers. The researchers provide details about […]
SecurityWeek
Security Firms Find Over 20 Malicious PyPI Packages Designed for Data Theft
Security researchers have identified more than 20 malicious PyPI packages designed to steal passwords and other sensitive information.
The Hacker News
Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware
Over a dozen Android apps distributed via the Google Play Store have been caught infecting users' devices with banking malware.
Security Affairs
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
Security Affairs newsletter Round 465 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
SecurityWeek
Threat Actors Manipulate GitHub Search to Deliver Malware
Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.
Cyber Security News
Malicious npm and PyPi Packages Exfiltrate SSH Keys From Server
JavaScript and Python both have their own package repositories called npm (Node Package Manager) and PyPi (Python Package Index), respectively.
Ars Technica
10 malicious Python packages exposed in latest repository attack
Supply-chain attacks are moving GitHub toward digitally signed packages.
Security Affairs
17 Android Apps on Google Play Store, dubbed DawDropper, were serving banking malware
The researchers discovered over a dozen Android Apps on Google Play Store, collectively dubbed DawDropper, that were dropping Banking malware. Trend Micro researchers uncovered a malicious campaign that leveraged 17 seemingly harmless Android dropper apps, collectively tracked as DawDropper, on the Google Play Store to distribute banking malware. The DawDropper apps are masqueraded as productivity and utility apps such […]
Bleeping Computer
10 malicious PyPI packages found stealing developer's credentials
Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developer's systems with password-stealing malware.
The Hacker News
Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys
Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
Bleeping Computer
Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command.
Cyber Security News
New Custom Malware Attacking Remote Desktop Protocol Clients to Steal Data
New Custom Malware Attacking Remote Desktop Protocol Clients to Steal Data. 'RedClouds' steals data from shared drives via RD connections.
ZDNet
Say hello to Red Hat Enterprise Linux 9.1
The latest, next-generation version of RHEL 9 is here.
Bleeping Computer
Notepad++ needs your help in "parasite website" shutdown
The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. There is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack.
Bleeping Computer
Notepad++ wants your help in "parasite website" shutdown
The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. There is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack.
Ars Technica
Highly invasive backdoor snuck into open source packages targets developers
Packages downloaded thousands of times targeted people working on sensitive projects.
Bleeping Computer
Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs
Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs.
Trend Micro
Examining New DawDropper Banking Dropper and DaaS on the Dark Web
In this blog post, we discuss the technical details of a new banking dropper that we have dubbed DawDropper, give a brief history of banking trojans released in early 2022 that use malicious droppers, and elaborate on cybercriminal activities related to DaaS in the deep web.
Cyber Security News
Top 10 Best SysAdmin Tools 2022 - Cyber Security News
Running a system network is not so easy, and for this, you need to select the right sysadmin tools so that work can happen peacefully.
Trend Micro
Exposing Infection Techniques Across Supply Chains and Codebases
This entry delves into threat actors' intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.