CyberSecurity news
@speakerdeck.com
References:
- gist.github.com: I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview. There's obviously more technical detail to uncover, but you'll get a general understanding of the complexity and the stealthy mechanisms used to remain undetected. Thanks to Andres Freund for his insight into this and a shoutout to these researchers if you want to learn more about the backdoor - by SMX - by @FiloSottile - by @amlweems - by Karchem - by Russ Cox And of course, all the others previously mentioned and those who contributed to the analysis. I hope this helps in understanding how this is exploited! Note: This was quite complicated, so I might have missed some parts. Again, please treat this diagram "as is" while we are continuing the analysis.
- Thomas Roccia: I have released the full (not truncated) slides from my presentation on the XZ backdoor! I think this is the most condensed (and digest) version of this crazy story! Hope you'll find it useful!
- research.swtch.com: About the Utils backdoor incident, two alternative takeaways: - application sandboxing (with ) is effective and attackers do their best to disable it: - library sandboxing should be used too: