Software Supply Chain Attacks

All articles tagged with #software supply chain attacks

Uncovering the XZ Backdoor Mastermind: A Stealth Attack on Linux Encryption

Originally Published 1 year ago — by WIRED


The discovery of a backdoor in the XZ Utils compression utility has revealed a sophisticated software supply chain attack orchestrated by a mysterious figure known as Jia Tan. This individual, suspected to be a state-sponsored hacker or group, spent years building credibility in the open source community before inserting the backdoor. Despite efforts to remain anonymous, clues such as time zone discrepancies and technical hallmarks point to potential ties to Russia's APT29 hacking group. The incident underscores the growing threat of supply chain attacks and the need for heightened vigilance in open source software development.

"Beware: Ubuntu 'command-not-found' Tool Vulnerable to Rogue Package Installation"

Originally Published 1 year ago — by The Hacker News


Cybersecurity researchers have discovered a potential exploit in the Ubuntu operating system's 'command-not-found' utility, which could allow threat actors to manipulate the system and recommend their own malicious packages, potentially leading to software supply chain attacks. The exploit involves the utility suggesting rogue packages from the snap repository, as well as impersonating legitimate APT packages and leveraging typosquatting attacks. Users are advised to verify package sources before installation, while developers have been urged to register associated snap names for their commands to prevent misuse.