Blog Post

The Human Connection Blog
1 MIN READ

New Cyber Threat Intelligence Lab release!

BenMcCarthy's avatar
BenMcCarthy
Icon for Immerser rankImmerser
6 months ago

Today we have a brand new set of labs related to CVE-2024-3094 (xz) – Supply Chain Compromise

n late March 2024, a critical backdoor (CVE-2024-3094) was found in the popular Linux open-source library 'xz.' This vulnerability affects various tools utilizing the library, including SSH. With a CVSS score of 10.0, this represents a critical issue in the open-source software supply chain.

In this lab, you'll analyze the vulnerable library distribution and extract indicators of compromise. 

Who is it for?

  • Incident responders
  • SOC analyst

What are the key takeaways?

  • Understand the mechanism used by the vulnerable library to deliver the backdoor binary file
  • Identify methods to detect vulnerable versions in production environments

Cyber Pro licensed users can access the new collection here.

Published 6 months ago
Version 1.0
No CommentsBe the first to comment