Another big security event happened.
This time, it’s that the “xz” project was backdoored. The full details and impact of the attack are still being understood, with Linux distros and other systems that have integrated the malicious code now raising their antibodies and responding. This will continue as we figure out the scope, and secondary impacts and recommended next steps like rotating SSH keys and detecting if individual systems have been compromised will no doubt come as well.
Continue Reading →