Dear listers,

Once in a while, we are reminded of how fragile the internet is, and how much more fragile securing it is. Someone, or a team, managed to add a backdoor to software that is used by approximately 80% of the internet. This backdoor would have allowed unauthorized remote access to any affected system. It was detected by sheer luck and is being tracked as CVE-2024-3094; see attached.

This attack is suspected to be the work of a nation-state actor and might have started in 2022. It shows the threat posed by supply chain attacks and open-source software. It also highlights the challenges involved in maintaining open-source software, and how a malicious threat actor can exploit these challenges to their advantage.

Organizations should invest in processes and tools that maintain a software bill of materials (SBOM). This ensures that attacks like this can be detected faster and improves organizational mean time to detect (MTTD).

Security is a layered approach. As much as CVE-2024-3094 would have gone unnoticed, a reduced threat surface would have reduced the possibility of the threat.

--
With kind regards,
Muchilwa Lawrence
https://overwatch.or.ke
www.testmyids.ke
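The SBOM point in the message above, as an added example that is not part of the original mail or of any tool the author mentions: a small Python script that loads a CycloneDX JSON SBOM and checks each component against an advisory table. The SBOM below is constructed sample data, not a real inventory. The CVE-2024-3094 entry reflects the public advisories for the xz-utils/liblzma backdoor (upstream releases 5.6.0 and 5.6.1), which the mail does not spell out; the distro package aliases in that entry are assumptions for illustration.

```python
import json

# Constructed CycloneDX 1.5 JSON SBOM fragment used as sample input; not a real inventory.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "xz-utils", "version": "5.6.1-1",
         "purl": "pkg:deb/debian/xz-utils@5.6.1-1"},
        {"type": "library", "name": "liblzma5", "version": "5.4.5-0.3",
         "purl": "pkg:deb/debian/liblzma5@5.4.5-0.3"},
        {"type": "library", "name": "xz", "version": "5.6.0-2.fc40",
         "purl": "pkg:rpm/fedora/xz@5.6.0-2.fc40"},
        {"type": "library", "name": "openssl", "version": "3.0.13-1",
         "purl": "pkg:deb/debian/openssl@3.0.13-1"},
    ],
})

# Advisory data keyed by CVE. The CVE-2024-3094 entry reflects the public
# advisories for the xz-utils/liblzma backdoor (upstream 5.6.0 and 5.6.1).
# The package aliases are assumed distro names, not taken from the message.
ADVISORIES = {
    "CVE-2024-3094": {
        "packages": {"xz", "xz-utils", "xz-libs", "liblzma", "liblzma5"},
        "versions": {"5.6.0", "5.6.1"},
    },
}


def normalize_version(raw):
    """Reduce a distro version string to the upstream version.

    Strips a Debian/RPM epoch ("1:"), a "+dfsg" style suffix and the packaging
    revision after "-", so "1:5.6.1+dfsg-1" -> "5.6.1". A "~" pre-release
    marker is deliberately kept so that "5.6.0~rc1" does not match "5.6.0".
    """
    v = raw.strip()
    if ":" in v:
        v = v.split(":", 1)[1]
    for sep in ("-", "+"):
        v = v.split(sep, 1)[0]
    return v


def component_names(component):
    """Return every name a component is known by: the 'name' field plus the
    package name embedded in its purl (pkg:type/namespace/name@version)."""
    names = set()
    if component.get("name"):
        names.add(component["name"].lower())
    purl = component.get("purl", "")
    if purl:
        path = purl.split("?", 1)[0].split("#", 1)[0]
        name_version = path.rsplit("/", 1)[-1]
        names.add(name_version.split("@", 1)[0].lower())
    return names


def find_affected(sbom_json, advisories=ADVISORIES):
    """Match SBOM components against the advisory table.

    Returns a sorted list of (cve_id, component_name, upstream_version) for
    every component whose name and normalized version are both listed.
    """
    sbom = json.loads(sbom_json)
    hits = []
    for comp in sbom.get("components", []):
        version = normalize_version(comp.get("version", ""))
        names = component_names(comp)
        for cve, adv in advisories.items():
            if names & adv["packages"] and version in adv["versions"]:
                hits.append((cve, comp.get("name", "?"), version))
    return sorted(hits)


if __name__ == "__main__":
    for cve, name, version in find_affected(SAMPLE_SBOM):
        print(f"{cve}: {name} {version} is in the affected version set")
```

Run against a real SBOM exported from a build or container scanner, this answers "which of our artifacts carry the affected release" in seconds, which is the MTTD gain the message is after; without the inventory the same question means logging into every host. Matching on both the `name` field and the purl matters because the same library appears under different names across distributions.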