InfoSecBulletin Cybersecurity for mankind
Red Hat and the US cybersecurity agency CISA issued a warning on Good Friday about harmful code found in a widely used Linux tool.
CVE-2024-3094 is a security vulnerability in XZ Utils, a compression tool widely used in Linux distributions. Red Hat issued an advisory about the problem on Friday afternoon.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
The Cybersecurity and Infrastructure Security Agency, with the open source community, is addressing reports of harmful code in XZ Utils versions 5.6.0 and 5.6.1 that could allow unauthorized access to systems.
“CISA recommends developers and users to downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity and report any positive findings to CISA,” the agency said in a notice.
Red Hat’s security team discovered a vulnerability on Thursday in the latest version of XZ, which contained code designed for unauthorized access.
CISA did not give more details beyond its advisory. Red Hat did not reply to questions about the number of affected systems, who was responsible, or where most victims were.
Red Hat’s advisory notes in all caps that certain users should stop usage for work or personal activity “immediately” and provided links to updates that can be used to mitigate the vulnerability.
A hacker could exploit the vulnerability to remotely access the whole system.
“Current investigation indicates that the packages are only present in Fedora 41 and Fedora Rawhide within the Red Hat community ecosystem. No versions of Red Hat Enterprise Linux (RHEL) are affected,” Red Hat explained.
“Other distributions may also be affected. Users of other distributions should consult with their distributors for guidance. For both personal and business activities, immediately stop using Fedora 41 or Fedora Rawhide. If you are using an affected distribution in a business setting, we encourage you to contact your information security team for next steps.”
Andres Freund, a Microsoft engineer, discovered a problem this week, with researchers tracing back issues to March 26. Experts think it’s a complex attempt to attack open source supply chains, and many researchers are urgently looking to find where the malicious code came from.
Cybersecurity expert John Bambenek said it seems the library at issue “tends to be installed by default on modern Linux distributions so organizations should immediately prioritize downgrading the package until a safe update is released, even if they don’t use the tools themselves.”
