Business Wire

Binarly Releases Free Detection Tool for XZ Backdoor

Share

Binarly, provider of an industry leading AI-powered firmware and software supply chain security platform, has created and released a free scanning tool to help defenders spot signs of the dangerous XZ backdoor (CVE-2024-3094).

The XZ.fail detection tool was released less than 24 hours after the discovery of a backdoor in the open-source XZ Utils, which provides lossless data compression on virtually all Unix-like operating systems, including Linux. (See CISA advisory).

According to Binarly chief executive Alex Matrosov, the tool includes generic IFUNC implantation detection with close to zero false-positives, showcasing the company’s binary code intelligence engine in action.

“This detection is based on behavioral analysis and can detect any invariants automatically if a similar backdoor is implanted somewhere else,” Matrosov added.

“Such a complex and professionally designed implantation framework is not developed for a one-shot operation. It could already be deployed elsewhere or partially reused in other operations. That’s exactly why we started focusing on more generic detection for this complex backdoor,” Matrosov added.

For those seeking more comprehensive detection and remediation strategies, the Binarly Transparency Platform offers an in-depth solution. With XZ detection capabilities deployed, the platform facilitates easy identification of malicious activities at scale, enabling users to take prompt and effective action to safeguard their software supply chains.

The XZ backdoor came to light on March 29, 2024, when a thread was published on Openwall's oss-security mailing list by Andres Freund, revealing a potential compromise in the open-source code.

For more information read our research article and access the free XZ backdoor scanner at XZ.fail.

About Binarly:

Binarly is a global firmware and software supply chain security company founded in 2021. The company’s flagship Binarly Transparency Platform is an enterprise-class, AI-powered solution used by device manufacturers, OEMs, IBVs and product security teams to identify known and unknown vulnerabilities, misconfigurations and signs of malicious code implantation. Binarly’s validated remediation playbooks have significantly reduced the cost and time to respond to security exposures. Based in Los Angeles, California, Binarly brings decades of research and program analysis expertise to build solutions to protect businesses, critical infrastructure, and consumers around the world.

To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.

Contact information

media@binarly.io
818.351.9637

About Business Wire

Business Wire
Business Wire
24 Martin Lane
EC4R 0DR London

+44 20 7626 1982http://www.businesswire.co.uk

(c) 2018 Business Wire, Inc., All rights reserved.

Business Wire, a Berkshire Hathaway company, is the global leader in multiplatform press release distribution.

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

BM3EAC Corp. 2023 Annual Report12.4.2024 19:14:00 CEST | Press release

BM3EAC Corp. (the “Company”), a shell company that was incorporated on 21 April 2021 under the laws of the Cayman Islands as an exempted company with limited liability and is listed on Euronext Amsterdam, today published its annual report for the period 1 January 2023 to 31 December 2023. The full report can be downloaded from the Company’s website via the following link: https://www.brigadem3eac.com/documents IMPORTANT INFORMATION This press release contains information that qualifies as inside information within the meaning of Article 7(1) of the EU Market Abuse Regulation. DISCLAIMER This announcement is not for distribution or release, directly or indirectly, and should not be distributed in or sent into, the United States, Australia, Canada, Japan, the Cayman Islands or South Africa or any other jurisdiction in which such distribution or release would be unlawful or would require registration or other measures. The Company’s annual report referenced in this announcement may includ

INCERT Announces That Keys&More Brings Bespoke KMS to Manufacturers12.4.2024 18:39:00 CEST | Press release

Digital public agency INCERT GIE Luxembourg expands to the private sector with today’s launch of Keys&More, a hardware-agnostic enterprise key management system (KMS) designed for the complex deployment needs of manufacturers and industrial providers. The KMS solution combines (1) a powerful platform for centralized management, (2) flexible deployment options and (3) strategic consulting services. Available via a cloud-based (KMSaaS), on-premises or hybrid option, Keys&More streamlines management of the entire key lifecycle: key preparation, creation, rotation, disabling, archiving and deletion. Through one user-friendly platform, original equipment manufacturers (OEMs) oversee user management, digital signatures, encryption, decryption and beyond. This unified system helps them achieve compliance, boost operational efficiency, cut costs and apply cryptography best practices. As a platform-independent solution, Keys&More functions with any cloud provider and multiple HSM and database v

Indri Becomes the Fastest Growing Single Malt Brand in the World: Sells Over One Hundred Thousand Cases in Its Second Year12.4.2024 16:09:00 CEST | Press release

Indri, India’s 1st and most awarded triple cask single malt, by Piccadily Distilleries, has further solidified India’s growth story with Indri-Trini becoming the ‘fastest growing single malt in the world ever’. No other single malt brand from Scotland, Japan, Taiwan or anywhere else in the world has ever been able to cross the hundred thousand (100 K) cases mark within two years of its launch. With this feat, Indri-Trini has shattered all expectations and broken into the elite club of top selling single malts in the world. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20240412989230/en/ Indri becomes the fastest growing single malt whisky in the world. (Photo: Business Wire) With an unprecedented growth rate of 599% compared to last year, Indri is not just breaking records; it's reinventing the game. Indri has trailblazed its way to capture 30% market share in India. Piccadily Distilleries, with its ambitious expansion plans,

Spiber Inc. Raises Over JPY 10 Billion in Funding to Strengthen Mass Production and Sales Initiatives12.4.2024 09:00:00 CEST | Press release

Spiber Inc. (Director and Representative Executive Officer: Kazuhide Sekiyama; hereinafter “Spiber”), a biomanufacturing startup, is pleased to announce the successful completion of a round of fundraising totaling over JPY 10 billion. This funding, which includes additional investments from existing shareholders, will allow the company to accelerate mass production of its innovative Brewed Protein™ materials and facilitate global sales, further contributing to the advancement of a circular economy. Spiber’s proprietary Brewed Protein™ material is a new category of material¹ developed and refined through more than 15 years of research. By harnessing the diverse, cyclical nature of proteins, one of the key building blocks of Earth’s ecosystem, the company aims to realize a circular economy that can exist in harmony with nature. Using cutting-edge biotechnology, Spiber’s proteins are meticulously designed at the DNA level and manufactured through a proprietary microbial fermentation proce

Jefferies Financial Group Inc. Announces Pricing of €750,000,000 3.875% Fixed Rate Senior Unsecured Notes Due 2026 and €500,000,000 4.000% Fixed Rate Senior Unsecured Notes Due 202911.4.2024 23:28:00 CEST | Press release

On April 9, 2024, Jefferies Financial Group Inc. (NYSE: JEF) (“JFG”, “we” or “our”) priced €750,000,000aggregate principal amount of 3.875% Fixed Rate Senior Unsecured Notes Due 2026 (the “2026 Notes”) and €500,000,000aggregate principal amount of4.000% Fixed Rate Senior Unsecured Notes Due 2029 (the “2029 Notes” and, together with the 2026 Notes, the “Notes”), each under its Euro Medium Term Note Program. The 2026 Notes will mature on April 16, 2026 and the 2029 Notes will mature on April 16, 2029. The offering of the Notes is expected to settle on April 16, 2024, subject to the satisfaction of customary closing conditions. JFG intends to use the net proceeds from the offering of the Notes for general corporate purposes. The Notes have not been and will not be registered under the Securities Act of 1933, as amended, and may not be offered or sold in the United States absent registration or an applicable exemption from registration requirements. This press release does not and will not

HiddenA line styled icon from Orion Icon Library.Eye