InfoSecBulletin Cybersecurity for mankind
Red Hat and the US cybersecurity agency CISA issued a warning on Good Friday about harmful code found in a widely used Linux tool.
CVE-2024-3094 is a security vulnerability in XZ Utils, a compression tool widely used in Linux distributions. Red Hat issued an advisory about the problem on Friday afternoon.
FBI seized BreachForums, including telegram channel
Kaspersky report
Bangladesh faces over 34,000 ransomware attacks
FortiOS & FortiProxy SSL-VPN Flaw Allows IP Spoofing
Ransomware Activities this week: Threatmon report
ALERT
CISA Releases Four Industrial Control Systems Advisories
Microsoft May 2024 Patch Tuesday fixes 61 flaws 2 zero-days
Newly circulated reserve theft is false: Bangladesh Bank
Bangladesh bank published CBS guideline Version 2.0
Fortinet report
Attackers exploiting vulnerabilities 50% faster, just 4.76 days
TechCrunch report
Indian gov.t sites compromised to plant online betting ads
The Cybersecurity and Infrastructure Security Agency, with the open source community, is addressing reports of harmful code in XZ Utils versions 5.6.0 and 5.6.1 that could allow unauthorized access to systems.
“CISA recommends developers and users to downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity and report any positive findings to CISA,” the agency said in a notice.
Red Hat’s security team discovered a vulnerability on Thursday in the latest version of XZ, which contained code designed for unauthorized access.
CISA did not give more details beyond its advisory. Red Hat did not reply to questions about the number of affected systems, who was responsible, or where most victims were.
Red Hat’s advisory notes in all caps that certain users should stop usage for work or personal activity “immediately” and provided links to updates that can be used to mitigate the vulnerability.
A hacker could exploit the vulnerability to remotely access the whole system.
“Current investigation indicates that the packages are only present in Fedora 41 and Fedora Rawhide within the Red Hat community ecosystem. No versions of Red Hat Enterprise Linux (RHEL) are affected,” Red Hat explained.
“Other distributions may also be affected. Users of other distributions should consult with their distributors for guidance. For both personal and business activities, immediately stop using Fedora 41 or Fedora Rawhide. If you are using an affected distribution in a business setting, we encourage you to contact your information security team for next steps.”
Andres Freund, a Microsoft engineer, discovered a problem this week, with researchers tracing back issues to March 26. Experts think it’s a complex attempt to attack open source supply chains, and many researchers are urgently looking to find where the malicious code came from.
Cybersecurity expert John Bambenek said it seems the library at issue “tends to be installed by default on modern Linux distributions so organizations should immediately prioritize downgrading the package until a safe update is released, even if they don’t use the tools themselves.”
