A former software developer at Eaton Corporation was sentenced to four years in prison for creating and deploying malicious code in 2019 that caused significant damage to the company's computer network, resulting in over $360,000 in losses and extensive system disruptions.
A backdoor was discovered in the open source compression library xz, potentially allowing full remote code execution on machines with the vulnerable package. The sophisticated attack involved multiple commits and a pressure campaign on the maintainer, raising concerns about the security of open source software. The identity of the perpetrator is unknown, but the attack suggests the involvement of a well-funded adversary, possibly with ties to a nation-state intelligence agency. This incident highlights the fragility of open source and the challenges of securing software maintained by volunteers.
Red Hat issued an urgent security alert warning of malicious code embedded in certain versions of XZ Utils, impacting certain Fedora Linux distribution versions and potentially allowing unauthorized access to systems. The affected versions are 5.6.0 and 5.6.1, present in Fedora 41 and Fedora Rawhide. Red Hat advised users to stop using Fedora Rawhide instances and downgrade to a safe version. No versions of Red Hat Enterprise Linux are affected, but other distributions like Debian unstable may also be impacted. CISA recommended downgrading XZ Utils to a safe version and hunting for any malicious activity.
Red Hat issued an urgent security alert for Fedora 41 and Fedora Rawhide users due to a security vulnerability in XZ 5.6.0/5.6.1 that could allow unauthorized remote system access. The malicious code interferes with sshd authentication via systemd, potentially enabling unauthorized access to the entire system. No fixed version has been released yet, and Debian has also issued a similar security warning. Users are advised to ensure they do not have XZ 5.6.0/5.6.1 on their systems.
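The advice in the two Red Hat items above boils down to one check: is xz 5.6.0 or 5.6.1 installed? The script below, added here as an example and not taken from the original page or from the XZ Utils project, parses the first line of `xz --version` output (which has the form `xz (XZ Utils) 5.6.1`) and compares it against the two affected releases named in the advisory. The sample version strings are constructed for illustration; the function names are the author's own. A matching version is the cue to downgrade; a non-matching one says only that the packaged binary is not one of the two named releases, so it does not replace the hunt for malicious activity that CISA recommended.

```shell
#!/bin/sh
# Added example (not from the page or the XZ Utils project): flag an installed
# xz whose version matches the backdoored releases 5.6.0 / 5.6.1.

# Constructed sample of `xz --version` output, used for an offline demo.
SAMPLE_XZ_VERSION_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'

# Return 0 (true) when the version string is one of the affected releases.
is_affected_xz_version() {
    case "$1" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `xz --version` output on stdin and print the bare version number
# from its first line (e.g. "5.6.1"); prints nothing if the line is unexpected.
parse_xz_version() {
    head -n 1 | sed -n 's/^xz (XZ Utils) \([0-9][0-9.]*\).*$/\1/p'
}

# Classify a full `xz --version` output (stdin).
# Returns 0 = not one of the affected releases, 1 = affected, 3 = unparseable.
classify_xz_version_output() {
    ver=$(parse_xz_version)
    if [ -z "$ver" ]; then
        echo "could not parse xz version string"
        return 3
    fi
    if is_affected_xz_version "$ver"; then
        echo "AFFECTED: xz $ver is a backdoored release; downgrade per the advisory"
        return 1
    fi
    echo "xz $ver is not one of the affected releases (5.6.0, 5.6.1)"
    return 0
}

# Check the xz binary on PATH. Returns 2 when no xz is installed.
check_installed_xz() {
    if ! command -v xz >/dev/null 2>&1; then
        echo "xz not found on PATH"
        return 2
    fi
    xz --version 2>/dev/null | classify_xz_version_output
}

# Demo on the constructed sample, then on the real binary if present.
printf '%s\n' "$SAMPLE_XZ_VERSION_OUTPUT" | classify_xz_version_output || true
if check_installed_xz; then :; fi
```

Run it on each host in scope; the numeric return code makes it easy to fold into a fleet-wide inventory (0 clean, 1 affected, 2 absent, 3 unrecognised output) rather than reading the printed line.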