A foiled attempt to subvert a widely used software utility is raising critical questions across D.C. about the vulnerability of the open-source supply chain — and to what extent foreign nation-states are actively using cloak-and-dagger human spycraft to exploit it.
— What happened: Andres Freund, a software engineer at Microsoft, discovered fragments of malicious code expertly hidden inside two versions of an immensely popular open-source data compression tool Friday March 29, which had by then been incorporated into two versions of the widely used Linux operating system.
That kicked off a mad scramble among security pros and government agencies to prevent the compromised code — known as Xz — from being used to launch spying campaigns or cyberattacks against affected Linux users. The U.S. government’s lead civilian cybersecurity agency, CISA, issued swift guidance on how to address the issue Friday.
[...]
Thwarted supply-chain hack sets off alarm bells across DC
Thwarted supply-chain hack sets off alarm bells across DC
-
- President
- Posts: 295
- Joined: Mon Oct 30, 2023 1:32 am
- Location: Vicksburg, MS
- ISC2 Member Status: Yes
- Contact:
Thwarted supply-chain hack sets off alarm bells across DC
Robert B. Carleton + ISC2 Central Mississippi President