InfoSecBulletin Cybersecurity for mankind
Red Hat and the US cybersecurity agency CISA issued a warning on Good Friday about harmful code found in a widely used Linux tool.
CVE-2024-3094 is a security vulnerability in XZ Utils, a compression tool widely used in Linux distributions. Red Hat issued an advisory about the problem on Friday afternoon.
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
Bangladesh Bank instructed using AI to prevent online gambling
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets
Evaly E-commerce Platform Allegedly Hacked
The Cybersecurity and Infrastructure Security Agency, with the open source community, is addressing reports of harmful code in XZ Utils versions 5.6.0 and 5.6.1 that could allow unauthorized access to systems.
“CISA recommends developers and users to downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity and report any positive findings to CISA,” the agency said in a notice.
Red Hat’s security team discovered a vulnerability on Thursday in the latest version of XZ, which contained code designed for unauthorized access.
CISA did not give more details beyond its advisory. Red Hat did not reply to questions about the number of affected systems, who was responsible, or where most victims were.
Red Hat’s advisory notes in all caps that certain users should stop usage for work or personal activity “immediately” and provided links to updates that can be used to mitigate the vulnerability.
A hacker could exploit the vulnerability to remotely access the whole system.
“Current investigation indicates that the packages are only present in Fedora 41 and Fedora Rawhide within the Red Hat community ecosystem. No versions of Red Hat Enterprise Linux (RHEL) are affected,” Red Hat explained.
“Other distributions may also be affected. Users of other distributions should consult with their distributors for guidance. For both personal and business activities, immediately stop using Fedora 41 or Fedora Rawhide. If you are using an affected distribution in a business setting, we encourage you to contact your information security team for next steps.”
Andres Freund, a Microsoft engineer, discovered a problem this week, with researchers tracing back issues to March 26. Experts think it’s a complex attempt to attack open source supply chains, and many researchers are urgently looking to find where the malicious code came from.
Cybersecurity expert John Bambenek said it seems the library at issue “tends to be installed by default on modern Linux distributions so organizations should immediately prioritize downgrading the package until a safe update is released, even if they don’t use the tools themselves.”
