Skip to main content

Search

Items tagged with: cve

A couple things to think about here:

This appears to be a malicious maintainer - not a compromised account. Meaning the person themselves, coded this in an pushed it out.

So:
1) Did they try and backdoor any other code?
2) Are they part of a greater campaign or is anyone else helping them.

This is a massive breach of trust.

That said! Huge kudos to Andres Freund, Florian Weimer, and others in finding this.

A lot of eyes are on this now. CISA is involved. Major distros are involved, etc. Many eyes and such.

#infosec #linux #foss #hacking #cve20243094 #cve

#linux #foss #infosec #hacking #cve #cve20243094


Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) - Help Net Security

A vulnerability (CVE-2024-3094) in XZ Utils may enable a malicious actor to gain unauthorized access to Linux systems remotely.
Zeljka Zorz (Help Net Security)
#linux #foss #infosec #hacking #cve #cve20243094

Fellow Masto Admins,
Kindly upgrade to the latest release of Mastodon as soon as possible.

#mastodon #mastodev #mastoadmin #security #fediverse #cve

#fediverse #security #mastodon #mastoadmin #MastoDev #cve