XZ - Backdoors and The Fragile Supply Chain - PSW #823
As most of you have probably heard, there was a scary supply chain attack against the open source compression software called "xz". The Security Weekly hosts will break down all the details and provide valuable insights.
- https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor
- https://gynvael.coldwind.pl/?id=782
- https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
- https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor
- https://github.com/amlweems/xzbot
- https://unit42.paloaltonetworks.com/threat-brief-xz-utils-cve-2024-3094/
- https://unicornriot.ninja/2024/xz-utils-software-backdoor-uncovered-in-years-long-hacking-plot/
- https://gist.github.com/smx-smx/a6112d54777845d389bd7126d6e9f504
- https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/
- https://xeiaso.net/notes/2024/xz-vuln/
- https://infosec.exchange/@AndresFreundTec@mastodon.social
- https://github.com/notselwyn/cve-2024-1086?tab=readme-ov-file
- https://doublepulsar.com/inside-the-failed-attempt-to-backdoor-ssh-globally-that-got-caught-by-chance-bbfe628fafdd
pfSense switches to Linux (April Fools?), Flipper panic in Oz, Tales from the Krypt, Funding to secure the Internet, Abusing SSH on Windows, Blinding EDR, more hotel hacking, Quantum Bleed, and more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-823