Dos graves vulnerabilidades en Linux !OJO. Exploit CVE-2024-1086 permite escalada de privilegios en Linux (kernels 5.14-6.6.14). PoC revela método Dirty Page directory para obtener acceso root. Urgente aplicar parches. Además, se descubre puerta trasera en xz Utils (v5.6.0 y 5.6.

Part two of our analysis of the #XZbackdoor reveals a dual-layered strategy employed by attackers, combining social engineering with advanced technical exploitation to compromise the integrity of XZ Utils.

Full report ⇒ kas.pr/w27p #CyberSecurity

XZ Outbreak (CVE-2024-3094)
لذت بردم 🧑‍💻
🍟🍺
این نقص اجازه می‌ده که توی #SSH دستکاری کرد و امنیت ارتباطات رمزنگاری شده رو به خطر انداخت. این مشکل بیشتر برای سیستم‌هایی که از نسخه‌های خاصی از XZ Utils استفاده می‌کنند،عمدتاً در نسخه‌های آزمایشی لینوکس مثل #فدورا و #دبیان دیده می‌شه

Assessing the Y, and How, of the XZ Utils incident dlvr.it/T6CDj8

Uma das maiores ameaças à segurança cibernética pode vir de dentro das próprias organizações. Caso recente no XZ Utils destaca a importância da adotar práticas de gerenciamento de identidade para proteger nossos sistemas contra ameaças internas. ow.ly/CfhE105rxK7

Uma das maiores ameaças à segurança cibernética pode vir de dentro das próprias organizações. Caso recente no XZ Utils destaca a importância da adotar práticas de gerenciamento de identidade para proteger nossos sistemas contra ameaças internas. ow.ly/Aki9105rEpy

(🇩🇪) Hast du die neue todo:cast Podcast Folge schon gehört? Es geht um xz-utils und warum wir um Haaresbreite dem wahrscheinlich größten IT-GAU entgangen sind. Hier eine kurze Zusammenfassung der Folge! 👇 #todocast #xz #xz utils

Part two of Kaspersky's analysis of the infamous XZ backdoor reveals a dual-layered strategy employed by attackers, combining social engineering with advanced technical exploitation to compromise the integrity of XZ Utils.

Full report 👇 bit.ly/4bam7M0

Debian'a sızdılar matmazel! Açık kaynak ne kadar güvenilir? XZ Utils ska... youtu.be/qkuEpwFexpI?fe…

Malicious Code in xz Utils: Back to the Development Build Pipeline bit.ly/3JCPWJE

In response to the almost catastrophic backdoor in XZ Utils, Tenable Researcher Satnam Narang tells Reuters, “We really dodged a bullet. It is one of those moments where we have to wipe our brow and say, ‘We were really lucky with this one.’” ow.ly/wLQw105rEj9

Part two of our analysis of the #XZbackdoor reveals a dual-layered strategy employed by attackers, combining social engineering with advanced technical exploitation to compromise the integrity of XZ Utils.

Full report ⇒ kas.pr/w27p

Uma das maiores ameaças à segurança cibernética pode vir de dentro das próprias organizações. Caso recente no XZ Utils destaca a importância da adotar práticas de gerenciamento de identidade para proteger nossos sistemas contra ameaças internas. ow.ly/mB0A105rW2x

SSH Backdoor from Compromised XZ Utils Library dlvr.it/T6BL4F

Uma das maiores ameaças à segurança cibernética pode vir de dentro das próprias organizações. Caso recente no XZ Utils destaca a importância da adotar práticas de gerenciamento de identidade para proteger nossos sistemas contra ameaças internas. ow.ly/lLXR105rynb

🔐 Vous vous demandez comment des groupes APT de haut niveau exploitent l'ingénierie sociale pour attaquer les chaînes d'approvisionnement en open-source ?
L'incident XZ Utils nous révèle un scénario fascinant.
Pour en savoir plus ▶️ kas.pr/bek3

🔐 Vous vous demandez comment des groupes APT de haut niveau exploitent l'ingénierie sociale pour attaquer les chaînes d'approvisionnement en open-source ?
L'incident XZ Utils nous révèle un scénario fascinant.
Pour en savoir plus ▶️ kas.pr/bek3

The whole XZ Utils issue is just the beginning - read about how XZ Utils might not have been the only sabotage target, open-source foundations warn (zd.net/441CqbE). People blindly include packages from unknown sources into their environments all of the time. It's scary

In response to the almost catastrophic backdoor in XZ Utils, Tenable Researcher Satnam Narang tells Reuters, “We really dodged a bullet. It is one of those moments where we have to wipe our brow and say, ‘We were really lucky with this one.’” ow.ly/tClW105rOyw

Today's picks 🍒

🧠 GitHub introduces Copilot Workspace: AI-powered environment to holistically assist developers
💻 Airbnb's AI 'Brandometer' for brand perception score through semantic distances
💀 XZ Utils' SSH Backdoor shipped to Linux
📱 TypeSpec: an 'API first' language…