All articles tagged with #supply chain compromise
CISA and the open source community are addressing reports of malicious code found in XZ Utils versions 5.6.0 and 5.6.1, potentially allowing unauthorized access to affected systems. Users are advised to downgrade to a secure version, such as XZ Utils 5.4.6 Stable, and to report any suspicious activity to CISA.
Tens of thousands of Android devices, including smartphones, CTV boxes, and tablets, have been shipped with backdoored firmware infected with the Triada malware. The infected devices, originating from a Chinese manufacturer, have been found on public school networks in the United States. The malware, discovered in 2016, allows threat actors to carry out ad-fraud schemes and other malicious activities. The cybersecurity firm Human Security has disrupted one of the ad fraud schemes but warns that the backdoor cannot be cleaned by end-users. Users are advised to choose familiar brands when purchasing new devices.