Posted on AI Security Cloud Security Incidents & Breaches Vulnerability Intelligence

OpenSSF: The XZ Utils (CVE-2024-3094) backdoor is a defining open-source supply-chain warning

OpenSSF’s review of CVE-2024-3094 describes an intentionally inserted, obfuscated backdoor affecting xz/liblzma 5.6.0 and 5.6.1. The tampering was designed to land in specific Linux distribution build outputs—DEB/RPM packages for x86-64 built with gcc and the GNU linker—rather than appearing uniformly across all builds. Red Hat warned the issue could allow remote compromise via sshd authentication bypass, but OpenSSF notes exposure was limited because the impacted versions were largely confined to experimental or pre-release distro channels and were detected quickly through community oversight and coordinated distro response. Read more

Posted on Cloud Security Incidents & Breaches Security Operations Vulnerability Intelligence

CISA/FBI: CL0P turned MOVEit Transfer into a repeatable mass data-theft pathway via CVE-2023-34362

A joint CISA and FBI advisory details how the CL0P ransomware group (also tracked as TA505) exploited a previously unknown SQL injection flaw (CVE-2023-34362) in Progress Software’s MOVEit Transfer managed file transfer (MFT) product to implant a web shell (“LEMURLOOT”) and exfiltrate data from underlying databases. The advisory frames MOVEit as the latest example of a broader TA505 pattern: targeting internet-facing MFT platforms with zero-day exploits (Accellion FTA in 2020–2021, GoAnywhere MFT in early 2023, and MOVEit in May 2023) to conduct large-scale theft and extortion—often emphasizing data exfiltration over encryption. Read more

Posted on AI Infrastructure Risk Cloud Security Vulnerability Intelligence

HTTP/2 Rapid Reset (CVE-2023-44487) highlights a web-scale protocol abuse pattern for DDoS

Cloudflare documented a record-scale DDoS wave that abused HTTP/2 stream cancellation (RST_STREAM) to generate extreme request rates with a relatively small botnet. The “Rapid Reset” technique (tracked as CVE-2023-44487) exploits HTTP/2’s ability to open many concurrent streams and then instantly cancel them, letting attackers recycle concurrency slots faster than some servers and intermediaries can clean up state. Cloudflare said attacks began Aug. 25, 2023 and peaked just above 201 million requests per second, observed alongside similar activity reported by Google and AWS, prompting coordinated disclosure to vendors and critical infrastructure providers. Read more