security.nl

CISA: XZ-backdoor leert dat leveranciers moeten bijdragen aan open source

Softwareleveranciers, techbedrijven en fabrikanten die van opensourcesoftware profiteren door het binnen hun producten te gebruiken moeten ook aan deze projecten bijdragen, zo stelt het Amerikaanse ...
theregister

Open sourcerers say suspected xz-style attacks continue to target maintainers

Open source groups are warning the community about a wave of ongoing attacks targeting project maintainers similar to those that led to the recent attempted backdooring of a core Linux library. Higher ...
GitHub

luau-project/lua-xz

For this example, we compress the README.md file of this project, which might even become larger than the original due its small size. In the end of the script execution, a file named README.md.lzma ...
GitHub

Cannot flash xz file compiled from img (.img.xz)

I was trying to flash a samsung 64GB microsd card with a disk image I made from a ubuntu 22.04.5 LTS running on a raspberry pi 4. The etcher was installed on a macbook with m1 pro and 16gb ram. Using ...
GIGAZINE

Security company Kaspersky explains how the backdoor of the compression tool 'XZ Utils' used in Linux environments is embedded

XZ is a compression tool used in many Linux distributions, and this time the attack specifically targeted the OpenSSH server process 'sshd.' In distributions such as 'Ubuntu,' 'Debian,' and ...
techzine.nl

xz-backdoor toont hoe kwetsbaar open-source is voor hackers met lange adem

Een security-lek in de Linux-compressietool xz toont hoe kwetsbaar open source-systemen zijn voor meerjarige infiltratietactieken door ‘vertrouwde’ bijdragers. In dit geval voegden boosdoeners ...
techzine

xz backdoor shows how vulnerable open-source is to hackers playing the long game

A security leak in the Linux compression tool xz shows open-source systems’ vulnerability to multi-year infiltration tactics by “trusted” contributors. In this case, the culprits added malicious code ...