On March 30, 2024, the US Cyber Defense Agency echoed a new critical backdoor vulnerability in a linux common package (XZ-utils library): CVE-2024-3094.
What could be the affect?
Under certain conditions, this backdoor could allow a malicious actor to break authentication, allowing the attacker to gain access to the affected system
What did we do since the announcement?
We scanned all our Linux instances, in order to check whether we are vulnerable and take the recommended actions to minimize the risk
Current status
After completing the scanning and take the relevant actions, all our systems are secured and not vulnerable.