CA-BINARLY
1.4.2024 22:40:34 CEST | Business Wire | Press release
Binarly, provider of an industry leading AI-powered firmware and software supply chain security platform, has created and released a free scanning tool to help defenders spot signs of the dangerous XZ backdoor (CVE-2024-3094).
The XZ.fail detection tool was released less than 24 hours after the discovery of a backdoor in the open-source XZ Utils, which provides lossless data compression on virtually all Unix-like operating systems, including Linux. (See CISA advisory).
According to Binarly chief executive Alex Matrosov, the tool includes generic IFUNC implantation detection with close to zero false-positives, showcasing the company’s binary code intelligence engine in action.
“This detection is based on behavioral analysis and can detect any invariants automatically if a similar backdoor is implanted somewhere else,” Matrosov added.
“Such a complex and professionally designed implantation framework is not developed for a one-shot operation. It could already be deployed elsewhere or partially reused in other operations. That’s exactly why we started focusing on more generic detection for this complex backdoor,” Matrosov added.
For those seeking more comprehensive detection and remediation strategies, the Binarly Transparency Platform offers an in-depth solution. With XZ detection capabilities deployed, the platform facilitates easy identification of malicious activities at scale, enabling users to take prompt and effective action to safeguard their software supply chains.
The XZ backdoor came to light on March 29, 2024, when a thread was published on Openwall's oss-security mailing list by Andres Freund, revealing a potential compromise in the open-source code.
For more information read our research article and access the free XZ backdoor scanner at XZ.fail.
About Binarly:
Binarly is a global firmware and software supply chain security company founded in 2021. The company’s flagship Binarly Transparency Platform is an enterprise-class, AI-powered solution used by device manufacturers, OEMs, IBVs and product security teams to identify known and unknown vulnerabilities, misconfigurations and signs of malicious code implantation. Binarly’s validated remediation playbooks have significantly reduced the cost and time to respond to security exposures. Based in Los Angeles, California, Binarly brings decades of research and program analysis expertise to build solutions to protect businesses, critical infrastructure, and consumers around the world.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240401230046/en/
About Business Wire
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
Enhertu® Approved in the EU as First Tumor Agnostic HER2 Directed Therapy and Antibody Drug Conjugate for Patients with Previously Treated HER2 Positive Metastatic Solid Tumors29.6.2026 08:30:00 CEST | Press release
Approval based on three phase 2 trials of Daiichi Sankyo and AstraZeneca’s Enhertu that demonstrated clinically meaningful responses across a broad range of tumors Enhertu now approved for six indications in the EU Enhertu® (trastuzumab deruxtecan) has been approved in the European Union (EU) as a monotherapy for the treatment of adult patients with unresectable or metastatic HER2 positive (immunohistochemistry [IHC] 3+) solid tumors who have received prior treatment and who have no satisfactory treatment options. Enhertu is a specifically engineered HER2 directed DXd antibody drug conjugate (ADC) discovered by Daiichi Sankyo (TSE: 4568) and being jointly developed and commercialized by Daiichi Sankyo and AstraZeneca (LSE/STO/NYSE: AZN). The approval by the European Commission follows the positive opinion of the Committee for Medicinal Products for Human Use of the European Medicines Agency and is based on results from subgroups of patients with HER2 positive (IHC 3+) tumors across thr
Beerenberg Prevails in Patent Case Against Aspen Aerogels29.6.2026 07:00:00 CEST | Press release
The ruling confirms that Beerenberg did not infringe Aspen Aerogels’ patents. The Korean Patent Court has invalidated three of Aspen Aerogels’ patents related to improved hydrophobic aerogel material. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260628192007/en/ Beerenberg delivers high-end insulation solutions built for performance, reliability, and long-term value. (Photo: Beerenberg) The ruling confirms the conclusion of the Intellectual Property Trial and Appeal Board (IPTAB) that the patents did not meet the necessary requirements for patentability. Beerenberg, which specializes in high-end insulation products, welcomes the court’s decision. “We are pleased that the case has now been concluded and that any uncertainty regarding the infringement claims has been removed,” says CEO Arild Apelthun. About Beerenberg Beerenberg has delivered cost-efficient solutions to a wide range of industrial enterprises for 49 years. Th
Seiden Law LLP States: Cambodian Businessman Leak Yim, Wrongfully Accused in Thailand, Seeks Redress in U.S. Court29.6.2026 06:00:00 CEST | Press release
Seiden Law LLP (“Seiden Law”), legal counsel for Mr. Leak Yim, a Cambodia national, and his family, announces the filing of an application in U.S. federal district court in Washington D.C., seeking court-ordered discovery to uncover the false and misleading information that may have led to mistaken prosecution in Thailand of Mr. Yim as well as his unwarranted identification to Congress as being associated with scam centers in Asia. 28 U.S.C. § 1782 (“1782”) provides powerful evidence-gathering remedies, permitting an applicant to obtain evidence in the United States to assist international proceedings. Seiden Law, a U.S. law firm with significant experience in 1782 cases, has filed this application to compel production of documents and sworn testimony from persons in the U.S. that will shed light on the circumstances surrounding recent actions against Mr. Yim. “Mr. Yim and his young family are the apparent victims of guilt by association and political persecution,” said Robert Seiden,
Sultan Bin Ahmed Attends Media Master's Graduation in Spain28.6.2026 18:40:00 CEST | Press release
His Highness Sheikh Sultan bin Ahmed bin Sultan Al Qasimi, Deputy Ruler of Sharjah and President of the University of Sharjah (UOS), attended on Friday, at the University of Barcelona, the graduation ceremony of the first cohort of the Master of Science in Media Entrepreneurship and Digital Innovation programme, first of its kind, offered by the University of Sharjah's College of Communication in partnership with the University of Barcelona and with strategic support from Sharjah Media City (Shams). This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260628429537/en/ Sultan Bin Ahmed attends Media Master's Graduation in Spain (Photo: AETOSWire) His Highness expressed his pride in their achievements and praised the strong partnership between the two universities, which share a commitment to knowledge, excellence and global understanding. His Highness stressed that graduation marks the beginning of a new journey rather than its con
VerSprite Launches Fork and Knife: AI-Driven Threat Modeling and Adversarial Testing Built for the Speed of Modern Software26.6.2026 23:28:00 CEST | Press release
Powered by the risk-centric PASTA methodology and two decades of accredited offensive security, the integrated platform lets enterprises threat model in a security sprint—then prove the risk through AI-led, human-on-the-loop testing. VerSprite, a global leader in risk-based threat modeling and the firm behind the PASTA (Process for Attack Simulation and Threat Analysis) methodology, today announced the general availability of Fork (www.forktm.com), a continuous application threat modeling platform, alongside Knife, an AI-led, human-on-the-loop adversarial testing platform for web applications and web API endpoints. Together, the two products operationalize a new model for product security—one where applications are securely designed, continuously modeled, and actively tested as part of the build process itself. The launch addresses a problem every security leader knows but few tools have solved: threat modeling is essential, never more so than in an AI-driven era, yet it has remained s
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom