News
Supply chain compromised, critical CVSS rating of 10 for Linux distributions - EXPERT COMMENT
April 2024 by Dor Dali, Head of Security Research at Cyolo
The latest news of the critical backdoor found in XZ Utils opens a new challenge for the supply chain. As the topic evolves, Dor Dali, Head of Security Research at Cyolo, shares his thoughts.
With an extensive background in security research and as a Cyber Security Team Leader for the Israel Defense Forces, Dor shares his view on the critical XZ Utils vulnerability waned by Red Hat as it will raise further questions about the impact on access and the repercussions for the supply chain.
“The supply chain continues to be the target of attacks. As attackers continue to evolve and vulnerabilities by design are becoming more of a norm, the CVE-2024-3094-xz supply chain attack only raises more red flags to ensure the perimeter is secured.
In this instance, it has been reported that the upstream XZ repository and the XZ tarballs have been backdoored, which allows attackers to remotely execute arbitrary code on affected systems. The vulnerability exposed a critical security risk, that ultimately grants attackers the ability to circumvent authentication protocols and access entire systems remotely.
The malicious code found shows how critical it is for organizations to follow best practices, including avoiding the exposure of SSH directly to the internet and implementing additional security measures. As leaders think through the extra security layers they may need, a strategy focused on zero trust will also help eliminate these types of risks created by design.”
