The person or people that implanted malicious code into XZ Utils put time and effort into building trust in the open source software ecosystem.
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources.
CISA has laid out the proposed details of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).
The malicious code (which is being tracked as CVE-2024-3094) is embedded in XZ Utils versions 5.6.0 and 5.6.1, and may allow unauthorized access to impacted systems.
The U.S. government is looking for more information about the individuals affiliated with the BlackCat ransomware group, which was behind the Change Healthcare attack.