Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within XZ Utils, a widely used package present in major Linux distributions (The GitHub project originally hosted here is now suspended). Fortunately, the malicious code was discovered quickly by the OSS community and managed to infect only two of the most recent versions of the package, 5.6.0 and 5.6.1, which were released within the past month.

On March 29, 2024, Red Hat disclosed CVE-2024-3094 (a.k.a XZ vulnerability) scoring a critical CVSS rating of 10. Stemming from a supply chain compromise it affects the latest iterations of XZ tools and libraries. The CVE was identified by a software engineer following the discovery of performance issues in SSH connections. This led to the exposure of a major supply chain attack where a compromised library was inserted into sshd and exploited during the authentication process.

Unveiled on the 29th of March 2024 is the high-stakes investment and prolonged campaign by a malicious actor to plant a backdoor in the Linux software library liblzma to gain access to multiple operating systems via Linux distributions, which arguably worked out successfully. That is until a curious engineer noticed a glitch. Currently known affected upstream software and proposed mitigation.

*April 1 update. it was confirmed that Fedora 40 is not affected by the backdoor. However, users should still downgrade to a 5.4 build to be safe. On March 29th, 2024, a critical CVE was issued for the XZ-Utils library. This vulnerability allows an attacker to run arbitrary code remotely on affected systems. Due to its immediate impact and wide scope, the vulnerability has scored 10 for both CVSS 3.1 and CVSS 4, which is the highest score available.

India's data protection laws are evolving to safeguard the privacy of its citizens. One crucial aspect is the requirement that Personally Identifiable Information (PII) remain within India's borders for processing. This data residency requirement poses a challenge for businesses that want to leverage powerful AI language models (LLMs) like those offered by OpenAI, which often process data in global centers.

Cyberthreats in today’s digital age are becoming complex and relentless, highlighting the importance of robust cybersecurity measures. Among these measures, DNS firewalls stand out as essential components of a comprehensive security strategy. By intercepting and analyzing DNS traffic, these firewalls provide a unique vantage point for identifying and neutralizing threats before they can infiltrate the network.

In a world driven by data, the importance of disaster recovery solutions cannot be overstated. From natural disasters to cyberattacks and human errors, the risks of data loss continues to grow alongside businesses. Today, we will cover the 3 common mistakes companies make when creating a DR strategy, key steps for building an effective DR strategy for your business, and the ways Opti9 can protect your data in AWS.

A new malware loader is delivering the Agent Tesla remote access Trojan (RAT), according to researchers at Trustwave SpiderLabs. The malware is distributed by phishing emails with malicious attachments. “The threat begins with a fake bank payment email designed to deceive recipients,” the researchers write.

New data shows organizations are well aware that their users are one of their greatest cybersecurity risks today, and yet aren’t taking the right steps to remediate the risk. KnowBe4 exists and continues to thrive because the human threat surface is far and wide. Email, text, web surfing, phone calls and crafty combinations therein all create somewhat unique attacks. In each of these instances, the user is relying on technology to stop the threat before the attack gets to them.

Using little more than a well-known business name and a invoice-related PDF, the “NaurLegal” phishing campaign aims at installing malware trojans. This new campaign spotted by security analysts at BlueVoyant demonstrates how effective spear phishing can be — even when the phishing execution itself is relatively basic. According to the analysis, threat actors impersonate well-known law firms and send out PDF attachments with the filename "Invoice_.pdf." Simple enough, right?