CROC News - XZ Utils backdoor explained
03/31/24 โข 12 min
The backdoor in XZ Utils is shaking the industry ๐ How could we not talk about it?
Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack!
In this episode: ๐ The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1 ๐ The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected systems ๐ก๏ธ Security Team Action Plans
Tune in now!
The backdoor in XZ Utils is shaking the industry ๐ How could we not talk about it?
Tune in to the special unscheduled episode of Crying Out Cloud with Eden Naftali and Amitai Cohen as they delve into the stealthy supply chain attack!
In this episode: ๐ The Alert from CISA regarding CVE-2024-3094, a vulnerability in XZ Utils Data Compression Library versions 5.6.0 and 5.6.1 ๐ The potential risks posed by the embedded malicious code and the unauthorized access it may grant to affected systems ๐ก๏ธ Security Team Action Plans
Tune in now!
Previous Episode
CROC News: Malicious Repos, Bandwidth Theft, & NVD or NoVD?
๐๏ธ What is a better way to stay updated on cloud security than a NEW Crying Out Cloud episode! Join Eden Naftali and Amitai Cohen as they explore what is new and ๐ฅ: ๐พ Open-source repos flooded by malicious code. ๐ป What is to become of the National Vulnerability Database? โ๏ธ Proof of bandwidth cryptojacking ๐ ๏ธ Critical vulnerabilities discovered in popular CI/CD tool
Links:
- https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack/
- https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
- https://research.openanalysis.net/github/lua/2024/03/03/lua-malware.html
- https://resilientcyber.substack.com/p/death-knell-of-the-nvd
- https://sysdig.com/blog/cloud-threats-deploying-crypto-cdn/
Next Episode
CROC Talks: Helping Secure Hugging Face Hub - Special Guest: Shir Tamari
๐จ BREAKING: Wiz Research identifies critical risks in #AI-as-a-service ๐จ Dive into Crying Out Cloud's latest episode, featuring a very special guest, Shir Tamari, head of the research team at Wiz. This episode sheds light on the security challenges that come with the rapid integration of AI technologies. Highlights include: ๐ Exploring the rapid integration of AI and its associated security risks, identified by Wiz Research in collaboration with Hugging Face. ๐ก๏ธ Exposing two significant security flaws within Hugging Face's systems: shared inference and CI/CD systems, which could potentially offer unauthorized access to sensitive data. ๐ข Highlighting the critical need for robust security frameworks in AI services. โ Demonstrating Hugging Face's dedication to security through the adoption of Wiz CSPM, continuous vulnerability assessments, and annual penetration tests, thereby establishing a high standard in AI safety.
If you like this episode youโll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/crying-out-cloud-387088/croc-news-xz-utils-backdoor-explained-55009277"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to croc news - xz utils backdoor explained on goodpods" style="width: 225px" /> </a>
Copy