After XZ Utils, more open-source software under attack

Published: 2024-04-16 07:32 +02:00 by Agency Staff tag: Information security

The attempt to insert a secret backdoor into XZ Utils “may not be an isolated incident”.

The recent attempt by an unknown actor to sabotage a widely used software program may have been one of several attempts to subvert key pieces of digital infrastructure across the internet, two open-source groups said in an alert published on Monday.

In a joint statement, the Open Source Security Foundation and the OpenJS Foundation said the attempt to insert a secret backdoor into XZ Utils , a little-known program that is baked into Linux operating systems across the world, “may not be an isolated incident”.

They said at least three different JavaScript projects were targeted by unnamed individuals demanding suspicious updates or asking to be made maintainers of the targeted software.

At least three different JavaScript projects were targeted by unnamed individuals

The JavaScript programming language powers much of the modern web. Omkhar Arasaratnam, the Open Source Security Foundation’s GM, said that one of the targeted packages alone saw tens of millions of downloads a week.

He declined to identify the JavaScript projects by name, saying he wanted to protect an ongoing investigation.

Arasaratnam also said that while it wasn’t clear what the suspected malicious actors were hoping to do — “we stopped them before they got that far” — he suspected they hoped to build backdoors into those projects as well.

Read: Linux on the desktop is gaining ground

The OpenJS and Open Source Security Foundations said they had warned the US Cybersecurity & Infrastructure Security Agency about the suspected infiltration. The agency did not immediately return a message seeking comment. — Raphael Satter, (c) 2024 Reuters

Get breaking news alerts from TechCentral on WhatsApp

Enhanced Investments, Inc.
329 South Oyster Bay Road #2085
Plainview, NY 11803
team@eninvs.com

Important disclosures

Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.

Nothing on this website should be considered an offer, solicitation of an offer, or advice to buy or sell securities.
Past performance is no guarantee of future results. Any historical returns, expected returns [or probability projections] are hypothetical in nature and may not reflect actual future performance.
All the strategies assume investments in equity invstrumenta only and are more relevant for "agressive investment profile". Eastern European flagship strategy assumes using up to 20% leverage of total portfolio. GlobalCommodities and US Growth strategy currently assume no leverage.
Results for the Enhanced Investments strategies as compared to the performance of Illustrative Benchmarks is for informational purposes only. Our investment program does not mirror that of the Illustrative Benchmarks and the volatility may be materially different from the volatility of Illustrative Benchmarks. Reference or comparison to an Illustrative Benchmark does not imply that strategies of Enhanced Investments will be constructed in the same way as the Illustrative Benchmark or achieve returns, volatility, or other results similar to those of the Illustrative Benchmark. The S&P 500 is an unmanaged market capitalization-weighted index of 500 common stocks chosen for market size, liquidity, and industry group representation to represent U.S. equity performance.
Performance results were prepared by Enhanced Investments, and have not been compiled, reviewed or audited by an independent accountant. Performance estimates are subject to future adjustment and revision. Investors should be aware that a loss of investment is possible. Account holdings are for illustrative purposes only and are not investment recommendations. Additional information, including (i) the calculation methodology; and (ii) a list showing the contribution of each holding to the portfolio’s performance during the time period will be provided upon request.
All statements made via social media sites sponsored or maintained by Enhanced Investments and its affiliates are for informational purposes only and do not constitute a comprehensive description of Enhanced Investments' investment advisory services.
Certain investments are not suitable for all investors. Before investing, consider your investment objectives and applicable fees. The rate of return on investments can vary widely over time, especially for long term investments. Investment losses are possible, including the potential loss of all amounts invested. Information provided by Enhanced Investments is for informational and general educational purposes only and is not investment or financial advice.