#CVE20243094

New XZ backdoor scanner detects implant in any Linux binary

by

April 2, 2024 at 10:38AM Binarly, a firmware security firm, has released a free online scanner to detect Linux executables affected by the XZ Utils supply chain attack, identified as CVE-2024-3094. The attack was discovered by a Microsoft engineer and the scanner aims to address this issue. It employs static analysis of binaries to identify … Read more

Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros

by

March 30, 2024 at 01:51AM RedHat issued an urgent security alert about backdoored versions of the XZ Utils data compression library, impacting versions 5.6.0 and 5.6.1. The compromised code interferes with the sshd daemon process and could allow unauthorized remote access under specific circumstances. Microsoft researcher Andres Freund discovered the issue, prompting GitHub to disable … Read more