On August 29, 2024, a blog post by Google's Threat Analysis Group (TAG) reported the convergence of state-backed attackers and commercial surveillance vendors (CSVs) in their use of similar exploits for cyber-attacks. This phenomenon highlights a troubling trend where both types of actors leverage the same vulnerabilities to achieve their objectives, …
XZ BackDoor (CVE-2024-3094): a Multi-Year Effort by an Advanced Threat Actor
With this post I would like to provide a technical deep dive into, and some considerations about, the recently disclosed XZ BackDoor vulnerability (CVE-2024-3094). This vulnerability, which affects the XZ Utils library, a widely used data compression utility in Linux distributions, had the potential for severe consequences, including remote code execution (RCE) and …