Web Dev PHP JS Design UI UX

A supply-chain attack involving obfuscated malicious code in the xz package was discovered by a developer at Microsoft who noticed a small 600ms delay with SSH processes when doing some routine micro-benchmarking. The account that made the offending commits seemingly played the long game, slowly gaining the trust of xz's developer before injecting the attack. The attack allows for the interception and modification of data used with the library, allowing malicious actors to break sshd authentication and gain access to affected systems. The situation is developing and more vulnerabilities could be discovered. https://www.techspot.com/news/102456-linux-could-have-brought-down-backdoor-found-widely.html

TechSpot

Linux could have been brought down by backdoor found in widely used utility

Andres Freund, a PostgreSQL developer at Microsoft, was doing some routine micro-benchmarking when he noticed a small 600ms delay with ssh processes, noticing that these were using...

🤯1

www.tgoop.com/wwwdev/4423

414 viewsApr 1, 2024 at 21:12

A supply-chain attack involving obfuscated malicious code in the xz package was discovered by a developer at Microsoft who noticed a small 600ms delay with SSH processes when doing some routine micro-benchmarking. The account that made the offending commits seemingly played the long game, slowly gaining the trust of xz's developer before injecting the attack. The attack allows for the interception and modification of data used with the library, allowing malicious actors to break sshd authentication and gain access to affected systems. The situation is developing and more vulnerabilities could be discovered. https://www.techspot.com/news/102456-linux-could-have-brought-down-backdoor-found-widely.html

BY Web Dev PHP JS Design UI UX