Responding to CVE-2024-3094 - Supply chain compromise of XZ Utils

April 8, 2024

It seems as though responders cannot catch a break when it comes to 0-day vulnerabilities and supply chain compromise avenues. On March 29th, 2024, the Cybersecurity & Infrastructure Security Agency published an alert regarding a supply chain compromise of the XZ Utils package.

At time of writing, there is no information regarding exploitation of the vulnerability and follow-on post-compromise activity. However, it is still prudent and recommended to identify vulnerable versions of this package in your environment and upgrade as soon as possible.

Read on to learn how to accomplish this, and how the various features of Cloud SIEM can help security teams respond to this threat.

Identifying vulnerable XZ Utils versions

For customers who do not have a vulnerability scanning appliance in place, or who simply wish to perform an ad-hoc or secondary scan on sensitive hosts to confirm whether vulnerable versions of XZ Utils exist, we can use Software Bill of Materials (SBOM) tooling.

One example of such tooling is Distro2Sbom. Let’s take a look at how this tool works and how it can work with Sumo Logic in order to find vulnerable XZ Utils across your environment.
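
The following Python example is added here and is not from the original article, Sumo Logic, or the Distro2Sbom project. It scans an SBOM in CycloneDX JSON layout for xz/liblzma packages built from upstream 5.6.0 or 5.6.1, the releases affected by CVE-2024-3094, and treats Debian's `+really` rollback build as unaffected; the package-name list and the sample SBOM are constructed assumptions.

```python
import json
import re

# Upstream xz releases affected by CVE-2024-3094.
BACKDOORED = {"5.6.0", "5.6.1"}
# Assumed package names for xz/liblzma across distros; extend for your fleet.
XZ_NAMES = {"xz", "xz-utils", "xz-libs", "liblzma", "liblzma5"}


def upstream_version(pkg_version):
    """Reduce a distro package version string to the upstream xz version."""
    v = pkg_version.split(":", 1)[-1]  # drop an epoch such as "1:"
    # Debian's rollback build is "5.6.1+really5.4.5-1": the code inside is 5.4.5.
    rollback = re.search(r"\+really(\d+(?:\.\d+)*)", v)
    if rollback:
        return rollback.group(1)
    m = re.match(r"\d+(?:\.\d+)*", v)  # strip distro revision, e.g. "-1" or "-1.fc40"
    return m.group(0) if m else v


def find_backdoored_xz(sbom):
    """Return (name, version) for every xz/liblzma component on an affected release."""
    hits = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "").lower()
        version = comp.get("version", "")
        if name in XZ_NAMES and upstream_version(version) in BACKDOORED:
            hits.append((name, version))
    return hits


# Constructed sample SBOM (CycloneDX JSON layout), not output from a real host.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "xz-utils", "version": "5.6.1-1"},
  {"type": "library", "name": "liblzma5", "version": "5.6.1+really5.4.5-1"},
  {"type": "library", "name": "xz-libs",  "version": "1:5.6.0-1.fc40"},
  {"type": "library", "name": "xz",       "version": "5.4.6-3"},
  {"type": "library", "name": "example-pkg", "version": "5.6.1"}
]}
""")

if __name__ == "__main__":
    for name, version in find_backdoored_xz(SAMPLE_SBOM):
        print(f"AFFECTED: {name} {version}")
```

Matching on the upstream version rather than the raw package string avoids both false positives on rollback builds and false negatives on epoch-prefixed versions.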