XZ Utils backdoored for covert SSH access on Linux
Help Net Security — April 8, 2024, 02:00 PM UTC
Summary: The XZ Utils compression utility was backdoored by a threat actor aiming for covert SSH access on Linux systems. The backdoor was discovered by a Microsoft engineer and has affected stable versions of some Linux distros. Tools and scripts have been released to detect the backdoor, which requires authentication via a private SSH key. Security firms like Binarly and Bitdefender have developed scanners for this purpose. Elastic Security Labs also provided detection rules.
Article metrics
The article metrics are deprecated.
I'm replacing the original 8-factor scoring system with a new and improved one. It doesn't use the original factors and gives much better significance scores.