Go offline with the Player FM app!
XZ - Backdoors and The Fragile Supply Chain - PSW #823
Manage episode 410660449 series 2122373
As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights.
- https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor
- https://gynvael.coldwind.pl/?id=782
- https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
- https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
- https://github.com/amlweems/xzbot
- https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/
- https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/
- https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504
- https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
- https://xeiaso.net/notes/2024/xz-vuln/
- https://infosec.exchange/@AndresFreundTec@mastodon.social
- https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file
- https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd
Show Notes: https://securityweekly.com/psw-823
1065 episodes
Manage episode 410660449 series 2122373
As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights.
- https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor
- https://gynvael.coldwind.pl/?id=782
- https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
- https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
- https://github.com/amlweems/xzbot
- https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/
- https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/
- https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504
- https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
- https://xeiaso.net/notes/2024/xz-vuln/
- https://infosec.exchange/@AndresFreundTec@mastodon.social
- https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file
- https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd
Show Notes: https://securityweekly.com/psw-823
1065 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.