Abstract
An emerging supply-chain attack due to a backdoor in XZ Utils has been identified. The backdoor allows an attacker to run commands remotely on vulnerable servers utilizing SSH without prior authentication. We have started to collect available information with regard to this attack to discuss current mitigation strategies for such kinds of supply-chain attacks. This paper introduces the critical attack path of the XZ backdoor and provides an overview of potential mitigation techniques related to relevant stages of the attack path.
| Original language | English |
|---|---|
| Place of Publication | https://arxiv.org |
| Publisher | arXiv |
| Number of pages | 8 |
| Publication status | Published - 13 Apr 2024 |
Publication series
| Name | CoRR - Computing Research Repository |
|---|---|
Fields of science
- 102 Computer Sciences
- 102016 IT security
- 505015 Legal informatics
JKU Focus areas
- Digital Transformation
- Sustainable Development: Responsible Technologies and Management
Projects
- 1 Active
- Christian Doppler Laboratory for Private Digital Authentication in the Physical World - Digidow
  Mayrhofer, R. (PI)
  01.01.2020 → 31.12.2026
  Project: Funded research › CDG - Christian Doppler Forschungsgesellschaft