Posts tagged APT

🚨 On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths

The newly discovered backdoor[1] in the XZ Utils package[2] affecting numerous Linux distributions[3] and assigned CVE-2024-3094[4] is being dismissed by some members of the technology and security communities as yet another supply chain attack; relevant only because of how blatant it was and that it affected the Open Source ecosystem but in essence nothing out of the ordinary. Regardless of whether this perspective is gaining traction due to cynicism, as hyperbole for clicks or as a coping mechanism, I vehemently disagree with that stance.

../../../_images/openwall-andres-freund-report.png

Read more ...