CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems.

CISA recommends that developers and users downgrade XZ Utils to an uncompromised version (such as XZ Utils 5.4.6 Stable), hunt for any malicious activity, and report any positive findings to CISA.
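
As an added example (not part of the CISA alert), the shell functions below classify version text, such as `xz --version` output or a package version string, against the two releases named above. The function names, status strings and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare version text against the XZ Utils releases named in
# the alert for CVE-2024-3094 (5.6.0 and 5.6.1). Names here are illustrative.

# Print each distinct dotted version token found in the given text, one per
# line. Works on `xz --version` output and on package strings like "5.6.1-1".
extract_versions() {
    printf '%s\n' "$1" |
        { grep -Eo '[0-9]+\.[0-9]+\.[0-9]+[[:alnum:]]*' || true; } |
        sort -u
}

# Print "affected" if any token is exactly 5.6.0 or 5.6.1, "unknown" if no
# version could be parsed, otherwise "not-listed".
classify_xz() {
    found=$(extract_versions "$1")
    if [ -z "$found" ]; then
        printf 'unknown\n'
        return 0
    fi
    for v in $found; do
        case "$v" in
            5.6.0|5.6.1) printf 'affected\n'; return 0 ;;
        esac
    done
    printf 'not-listed\n'
}

# Constructed sample inputs (not captured from real hosts).
SAMPLE_BAD='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
SAMPLE_OK='xz (XZ Utils) 5.4.6
liblzma 5.4.6'

echo "sample 5.6.1 -> $(classify_xz "$SAMPLE_BAD")"
echo "sample 5.4.6 -> $(classify_xz "$SAMPLE_OK")"

# Check the local binary when one is installed.
if command -v xz >/dev/null 2>&1; then
    echo "local xz -> $(classify_xz "$(xz --version 2>/dev/null)")"
fi
```

A `not-listed` result covers only the version string; the hunting and reporting steps in the alert still apply.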

See the following advisory for more information:
