Archive for March 30, 2024

An Email #Scam Using CIBC’s Name Is Making The Rounds

Posted in Commentary with tags on March 30, 2024 by itnerd

There are lots of scams out there for you to keep an eye on, and I’m adding one more to the list. This one will show up in your inbox and look like this:

Scams will often present a problem that requires immediate action so that you fall for them, and this one is no different. Apparently my online access has been revoked and I need to “click to gain accss”. The misspelling of the word access was my first hint that this was a scam email. The second was that there were two commas after the word customer. Then there’s the fact that I am not specifically named in this email. Any email I’ve gotten from CIBC, which is my bank, has my full name in it. So that’s three strikes and this email should be deleted. But there’s actually a fourth problem with this email:

This didn’t come from CIBC as the email address is wrong. The correct email address that CIBC uses is this one:

At this point, I should have deleted the email and moved on. But as you know, that’s not how I roll. So I copied the URL into the web browser on my testing computer and got this:

Now I will give the threat actor some points for registering a URL that looks like “CIBC-Online” so that you will be fooled into thinking that this is the actual CIBC website. The use of a CAPTCHA is an interesting touch as that adds a vibe that this is the legitimate CIBC website. Click on the “I’m not a robot” part and you get this:

Again, I have to give the threat actor credit here for creating a very convincing fake CIBC website. And the part at the bottom left where it says “Safe banking online, guaranteed” is a nice touch, even though there is nothing safe about this website. One area where they failed is the “show password” check box: it doesn’t work, and that’s a hint that this is a fake website. They didn’t get every aspect right, though. Take this for example:

They had a couple of missing images. No legitimate bank would ever let a website go online with that sort of screw up.

Another sign that this is a skilled threat actor is that they had code that validates that the card number you enter is real. That way they know whether they got valid credentials that they can use to presumably drain your bank account dry. I say presumably because this is as far as I got. But that’s as far as I needed to get to be able to document this scam and bring it to you so that you don’t fall for it. So as always, if you get an email that looks like this, delete it and move on with your day.
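The red flags called out above (generic greeting, an urgent threat, a sender address on the wrong domain, and a link to a lookalike host) can be turned into a simple mail-triage rule. The script below is an added example written for this page, not code from the original post or from CIBC. The legitimate domain `cibc.example`, the two sample messages, and the scoring thresholds are all constructed placeholders, not CIBC’s real addresses or the actual scam mail.

```python
"""Score an email for the phishing indicators the post describes.

Added example for this page; the bank domain 'cibc.example', the sample
messages and the thresholds are constructed placeholders (assumptions).
"""
import re
from email import message_from_string
from urllib.parse import urlparse

BRAND = "cibc"
# Assumption: placeholder for the bank's genuine sending/web domain.
LEGIT_DOMAINS = {"cibc.example"}

# Indicator patterns drawn from the post: generic salutation and urgency wording.
GENERIC_GREETING = re.compile(r"^\s*dear\s+(valued\s+)?(customer|client|user)\b", re.I | re.M)
URGENCY = re.compile(r"\b(revoked|suspended|immediately|within 24 hours|verify now)\b", re.I)
URL = re.compile(r"""https?://[^\s<>"']+""", re.I)


def is_legit_host(host):
    """True when host is the bank's domain or a subdomain of it."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def sender_domain(msg):
    """Domain part of the From: header (empty string if none)."""
    m = re.search(r"@([A-Za-z0-9.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


def plain_body(msg):
    """Collect text/plain content, handling both single-part and multipart mail."""
    if not msg.is_multipart():
        return msg.get_payload()
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)


def phishing_indicators(raw_message):
    """Return the sorted list of indicator names found in a raw RFC 822 message."""
    msg = message_from_string(raw_message)
    body = plain_body(msg)
    found = set()
    if GENERIC_GREETING.search(body):
        found.add("generic_greeting")
    if URGENCY.search(body):
        found.add("urgency")
    if not is_legit_host(sender_domain(msg)):
        found.add("sender_domain_mismatch")
    # A host that carries the brand name but is not the brand's domain is a lookalike.
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if BRAND in host and not is_legit_host(host):
            found.add("lookalike_link")
    return sorted(found)


def verdict(raw_message):
    """Coarse triage label: the post's 'three strikes' idea as a threshold (assumption)."""
    n = len(phishing_indicators(raw_message))
    if n == 0:
        return "no indicators"
    if n == 1:
        return "suspicious"
    return "likely phishing"


# Constructed sample messages (not the real scam mail or a real CIBC notice).
SAMPLE_PHISH = """\
From: CIBC Online Banking <alerts@mail-notify.example.net>
To: someone@example.org
Subject: Online access revoked

Dear customer,,

Your online access has been revoked. Click to gain accss:
https://cibc-online.example.net/login
"""

SAMPLE_LEGIT = """\
From: CIBC <noreply@cibc.example>
To: jane.doe@example.org
Subject: Your monthly statement is ready

Dear Jane Doe,

Your statement is available at https://www.cibc.example/statements
"""

if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, verdict(sample), phishing_indicators(sample))
```

The lookalike check is the one worth keeping even if you drop the rest: a host that contains the brand name but is not the brand’s own domain (or a subdomain of it) is exactly the “CIBC-Online” trick described above, and it survives the attacker fixing their spelling.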

Panther Labs Advisory: CVE-2024-3094 – Linux Supply Chain Compromise Affecting XZ Utils Data Compression Library

Posted in Commentary with tags on March 30, 2024 by itnerd

Panther is aware of and tracking a high-severity software supply chain vulnerability affecting the Linux library XZ Utils versions 5.6.0 and 5.6.1. The vulnerability has been assigned CVE-2024-3094, with a CVSS score of 10, the highest possible severity score.

Background

The XZ Utils library is used for data compression on Unix/Linux operating systems. It provides a command-line tool used to compress and decompress XZ files. On March 29, 2024, a supply-chain compromise was discovered in the XZ package: malicious code that could provide a backdoor into systems through this utility. At this time, it is believed that only XZ Utils versions 5.6.0 and 5.6.1 are impacted.

It is too early to tell if the malicious code has been exploited: the issue was just discovered, research is still ongoing, and more information will be made available by the security community in the coming days. We will update this page as more information becomes available. It is uncertain whether the individual who made the commits containing the malicious code is directly responsible or whether their system or accounts were compromised.

Is Panther Affected?

Panther’s security team has assessed the vulnerability, and at this time it does not impact the Panther platform. We will continue to evaluate the risk as more information is made available. It is also important to note that Amazon Web Services (AWS) states that its infrastructure is not impacted, as it does not utilize the XZ Utils library at all.

How to Identify if a System Is Affected

Most systems using the XZ Utils library are running version 5.2 or 5.4, which are not affected; 5.6 is the compromised version. To identify if your system is impacted, run “xz -V” on the command line to see what version you are running.

What if My System Has the Affected Version?

It is recommended that users downgrade XZ Utils to a prior uncompromised version, such as XZ Utils 5.4.6 Stable. As the issue is still being investigated, there are currently no IoCs or specific guidance on what to look for to identify whether a system has been exploited. If you identify a system with the affected version, apply extra vigilance: monitor those systems and hunt for signs of malicious activity.
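The identification step (“xz -V”) and the remediation step (downgrade to 5.4.6) above can be wrapped in a small check that is easy to run across a fleet. The script below is an added example for this page, not Panther’s or the XZ project’s code. It assumes the two-line output format that `xz -V` prints (`xz (XZ Utils) X.Y.Z` followed by `liblzma X.Y.Z`) and uses the versions the advisory names; the sample outputs are constructed.

```python
"""Parse `xz -V` output and report whether the build is a compromised release.

Added example for this page; the affected version set and downgrade target
come from the advisory, the sample outputs are constructed, and the
`xz -V` output format is an assumption about the tool's usual two-line form.
"""
import re
import subprocess

# Releases the advisory names as compromised (CVE-2024-3094).
AFFECTED = {(5, 6, 0), (5, 6, 1)}
# Downgrade target the advisory recommends.
SAFE_TARGET = (5, 4, 6)

# Matches either "xz (XZ Utils) 5.6.1" or "liblzma 5.6.1".
_LINE = re.compile(r"^(xz \(XZ Utils\)|liblzma)\s+(\d+)\.(\d+)\.(\d+)")


def parse_xz_version_output(text):
    """Return {'xz': (maj, min, patch), 'liblzma': (...)} from `xz -V` text.

    Components that cannot be parsed are simply omitted, so partial output
    still yields whatever was recoverable.
    """
    found = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            name = "xz" if m.group(1).startswith("xz") else "liblzma"
            found[name] = tuple(int(g) for g in m.group(2, 3, 4))
    return found


def assess(versions):
    """Classify parsed versions as affected / not_affected / unknown.

    Both components are checked: the malicious code lives in liblzma, so a
    front end reporting one version linked against a 5.6.x liblzma still counts.
    """
    affected = {name: v for name, v in versions.items() if v in AFFECTED}
    if affected:
        return "affected", affected
    if not versions:
        return "unknown", {}
    return "not_affected", versions


def remediation(status):
    """Text a fleet report can carry alongside the status."""
    if status == "affected":
        return "downgrade to XZ Utils %d.%d.%d and hunt for malicious activity" % SAFE_TARGET
    if status == "unknown":
        return "xz not found or version output unparsed; check the package manager"
    return "no action required"


def check_local_system():
    """Run `xz -V` on this host and assess it; 'unknown' if xz is absent."""
    try:
        proc = subprocess.run(["xz", "-V"], capture_output=True, text=True, check=False)
    except OSError:
        return "unknown", {}
    return assess(parse_xz_version_output(proc.stdout))


# Constructed sample outputs in the assumed `xz -V` format.
SAMPLE_AFFECTED = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_CLEAN = "xz (XZ Utils) 5.4.6\nliblzma 5.4.6\n"

if __name__ == "__main__":
    for label, sample in (("sample-affected", SAMPLE_AFFECTED), ("sample-clean", SAMPLE_CLEAN)):
        status, detail = assess(parse_xz_version_output(sample))
        print(label, status, detail, "->", remediation(status))
    status, detail = check_local_system()
    print("this host", status, detail, "->", remediation(status))
```

A version string is only a first pass: distributions may ship a patched package that still reports 5.6.x, or may have pulled the release entirely, so treat the package manager’s record as authoritative and use this check to find hosts that need a closer look.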