XZ Utils Backdoored, A Supply Chain Nightmare

Summary:

Multiple Linux distributions face a potential supply chain threat due to the introduction of malicious code into a widely-used library. A backdoor was discovered within the XZ Utils library, inserted roughly a month ago. This compromise allows attackers to manipulate and intercept data exchanged by software routines that rely on XZ Utils as a dependency.

Threat Level – Red | Vulnerability Report

For a detailed threat advisory, download the pdf file here

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.