New XZ Backdoor Scanner Detects Implants In Any Linux Binary
Tuesday 2 April 2024, 23:30, by Slashdot
The backdoor was introduced by a pseudonymous contributor in XZ version 5.6.0 and remained present in 5.6.1. However, only a few Linux distributions and versions following a 'bleeding edge' upgrading approach were impacted, with most using an earlier, safe library version. Following the discovery of the backdoor, a detection and remediation effort was started, with CISA proposing downgrading to XZ Utils 5.4.6 Stable and hunting for and reporting any malicious activity.

Binarly says the approach taken so far in the threat mitigation efforts relies on simple checks such as byte string matching, file hash blocklisting, and YARA rules, which could lead to false positives. This approach can trigger significant alert fatigue and doesn't help detect similar backdoors on other projects. To address this problem, Binarly developed a dedicated scanner that would work for the particular library and any file carrying the same backdoor. Binarly's scanner increases detection as it scans for various supply chain points beyond just the XZ Utils project, and the results are of much higher confidence. Binarly has made a free API available to accommodate bulk scans, too.

Read more of this story at Slashdot.
https://it.slashdot.org/story/24/04/02/212251/new-xz-backdoor-scanner-detects-implants-in-any-linux-...