InfoSecBulletin Cybersecurity for mankind
Red Hat and the US cybersecurity agency CISA issued a warning on Good Friday about harmful code found in a widely used Linux tool.
CVE-2024-3094 is a security vulnerability in XZ Utils, a compression tool widely used in Linux distributions. Red Hat issued an advisory about the problem on Friday afternoon.
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
The Cybersecurity and Infrastructure Security Agency, with the open source community, is addressing reports of harmful code in XZ Utils versions 5.6.0 and 5.6.1 that could allow unauthorized access to systems.
“CISA recommends developers and users to downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity and report any positive findings to CISA,” the agency said in a notice.
Red Hat’s security team discovered a vulnerability on Thursday in the latest version of XZ, which contained code designed for unauthorized access.
CISA did not give more details beyond its advisory. Red Hat did not reply to questions about the number of affected systems, who was responsible, or where most victims were.
Red Hat’s advisory notes in all caps that certain users should stop usage for work or personal activity “immediately” and provided links to updates that can be used to mitigate the vulnerability.
A hacker could exploit the vulnerability to remotely access the whole system.
“Current investigation indicates that the packages are only present in Fedora 41 and Fedora Rawhide within the Red Hat community ecosystem. No versions of Red Hat Enterprise Linux (RHEL) are affected,” Red Hat explained.
“Other distributions may also be affected. Users of other distributions should consult with their distributors for guidance. For both personal and business activities, immediately stop using Fedora 41 or Fedora Rawhide. If you are using an affected distribution in a business setting, we encourage you to contact your information security team for next steps.”
Andres Freund, a Microsoft engineer, discovered a problem this week, with researchers tracing back issues to March 26. Experts think it’s a complex attempt to attack open source supply chains, and many researchers are urgently looking to find where the malicious code came from.
Cybersecurity expert John Bambenek said it seems the library at issue “tends to be installed by default on modern Linux distributions so organizations should immediately prioritize downgrading the package until a safe update is released, even if they don’t use the tools themselves.”
