May 24, 2024 at 04:31PM Researchers at security firm Rapid7 discovered a backdoor in Justice AV Solutions (JAVS) audio-visual software used in over 10,000 courtrooms. The backdoor, suspected to be part of a supply chain attack, enabled attackers full system access. Rapid7 urges affected users to reinstall, reset credentials, and upgrade to a secure version … Read more
April 2, 2024 at 10:38AM Binarly, a firmware security firm, has released a free online scanner to detect Linux executables affected by the XZ Utils supply chain attack, identified as CVE-2024-3094. The attack was discovered by a Microsoft engineer and the scanner aims to address this issue. It employs static analysis of binaries to identify … Read more
March 29, 2024 at 06:50PM The Tech Tip outlines how to check for system impact from a newly discovered backdoor in the open source xz compression utility. It seems like the main takeaway from the meeting notes is to detail the process for checking if a system is affected by the newly discovered backdoor in … Read more