White Papers & Advisories
Critical Backdoor in XZ Utils - CVE-2024-3094
2 Pages

Critical Backdoor in XZ Utils - CVE-2024-3094

A critical vulnerability (CVE-2024-3094) has been identified in XZ Utils versions 5.6.0 and 5.6.1. This data compression utility is widely used in many operating systems, primarily Linux distributions. The vulnerability introduces a backdoor, potentially granting malicious actors full remote control of affected systems. Immediate action is required. XZ Utils is a command-line tool on Unix-like operating systems for file compression and decompression. It also includes a library (liblzma) that other software can use. The backdoor was discovered by a PostgreSQL developer at Microsoft. As of March 30, 2024, there's no evidence of active exploitation, but the situation is evolving.

Download now

Thank you for getting in touch!

We have received your message and would like to thank you for writing to us.

One of our colleagues will get back in touch with you soon! Have a great day!
Download
Oops! Something went wrong while submitting the form.

Related White Papers & Advisories

ADVISORY
2 Pages

Automattic Blocks WP Engine's Access to WordPress Resources, Increasing Security Risks Due to Potential Missed Updates

On September 25, 2024, Automattic, the company behind WordPress, blocked WP Engine's access to key WordPress resources, affecting numerous users who depend on WP Engine’s platform for website hosting and management. The incident stems from a policy dispute between the two companies, which could result in disruptions for WP Engine customers, particularly those relying on essential updates and resources directly from WordPress.org.‍
ADVISORY
2 Pages

Actively Exploited Zero-Day Vulnerability in Palo Alto Networks Firewalls CVE-2024-3400

A severe zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks firewalls is being actively exploited. This critical command injection vulnerability exists within the GlobalProtect Gateway feature and requires a specific configuration for successful exploitation. If exploited, unauthenticated attackers could execute arbitrary code with root privileges, granting them complete control over affected firewalls.
ADVISORY
2 Pages

Critical Backdoor in XZ Utils - CVE-2024-3094

A critical vulnerability (CVE-2024-3094) has been identified in XZ Utils versions 5.6.0 and 5.6.1. This data compression utility is widely used in many operating systems, primarily Linux distributions. The vulnerability introduces a backdoor, potentially granting malicious actors full remote control of affected systems. Immediate action is required. XZ Utils is a command-line tool on Unix-like operating systems for file compression and decompression. It also includes a library (liblzma) that other software can use. The backdoor was discovered by a PostgreSQL developer at Microsoft. As of March 30, 2024, there's no evidence of active exploitation, but the situation is evolving.
info@nstcyber.ai
San Jose CA, USA
Bangalore, India
Dubai, UAE

Platform

Continuous Monitoring
AI/ML Assisted Discovery & Validation
Automated Assessments
Prioritized Risk Identification
Swift Threat Detection and Response
Cyber Threat Informed Defense (CTID)
Compliance Assurance

Products

Continuous Threat Exposure Management
Vendor Security Management

Use Cases

Assess Your Security Posture
Eliminate Attack Vectors
Evaluate Vendors and Partners
Meet Compliance

Company

About NST Cyber
NST Cyber Partner Program
Careers

Resources

Blogs
Videos
White Papers & Advisories
© 2024 NST Cyber Inc. All Rights Reserved.
Privacy Policy