Binarly Releases Free Detection Tool for XZ Backdoor
1.4.2024 23:39:00 EEST | Business Wire | Press release
Binarly, provider of an industry leading AI-powered firmware and software supply chain security platform, has created and released a free scanning tool to help defenders spot signs of the dangerous XZ backdoor (CVE-2024-3094).
The XZ.fail detection tool was released less than 24 hours after the discovery of a backdoor in the open-source XZ Utils, which provides lossless data compression on virtually all Unix-like operating systems, including Linux. (See CISA advisory).
According to Binarly chief executive Alex Matrosov, the tool includes generic IFUNC implantation detection with close to zero false-positives, showcasing the company’s binary code intelligence engine in action.
“This detection is based on behavioral analysis and can detect any invariants automatically if a similar backdoor is implanted somewhere else,” Matrosov added.
“Such a complex and professionally designed implantation framework is not developed for a one-shot operation. It could already be deployed elsewhere or partially reused in other operations. That’s exactly why we started focusing on more generic detection for this complex backdoor,” Matrosov added.
For those seeking more comprehensive detection and remediation strategies, the Binarly Transparency Platform offers an in-depth solution. With XZ detection capabilities deployed, the platform facilitates easy identification of malicious activities at scale, enabling users to take prompt and effective action to safeguard their software supply chains.
The XZ backdoor came to light on March 29, 2024, when a thread was published on Openwall's oss-security mailing list by Andres Freund, revealing a potential compromise in the open-source code.
For more information read our research article and access the free XZ backdoor scanner at XZ.fail.
About Binarly:
Binarly is a global firmware and software supply chain security company founded in 2021. The company’s flagship Binarly Transparency Platform is an enterprise-class, AI-powered solution used by device manufacturers, OEMs, IBVs and product security teams to identify known and unknown vulnerabilities, misconfigurations and signs of malicious code implantation. Binarly’s validated remediation playbooks have significantly reduced the cost and time to respond to security exposures. Based in Los Angeles, California, Binarly brings decades of research and program analysis expertise to build solutions to protect businesses, critical infrastructure, and consumers around the world.
To view this piece of content from cts.businesswire.com, please give your consent at the top of this page.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240401230046/en/
Contact information
media@binarly.io
818.351.9637
About Business Wire
For more than 50 years, Business Wire has been the global leader in press release distribution and regulatory disclosure.
Subscribe to releases from Business Wire
Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.
Latest releases from Business Wire
DC Secretary Announces Annual Determinations Committees Outcome29.4.2026 16:36:00 EEST | Press release
DC Administration Services, Inc. has today announced the composition of five regional Determinations Committees (DCs), effective from April 29, 2026. Global Dealer Voting Members (for all Regions): Non-Dealer Voting Members (for all Regions): Bank of America, N.A. Citadel Americas LLC Barclays Bank plc Elliott Investment Management L.P. BNP Paribas Pacific Investment Management Company LLC Citibank, N.A. Deutsche Bank AG Goldman Sachs International JPMorgan Chase Bank, N.A. Regional Dealer Voting Member for the Americas, EMEA, Asia Ex-Japan, and Japan Determination Committees: CCP Members for the Americas, EMEA, Asia Ex-Japan, and Australia-New Zealand Determinations Committees: Mizuho Securities Co., Ltd. ICE Clear Credit LLC LCH S.A. The process for selecting DC members is specified in the DC rules. The DC rules, along with more information about the Determinations Committees and what they do can be found at the Determinations Committees website: https://www.cdsdeterminationscommitte
Boomi Builds Analyst Momentum Across Integration, API Management, Data Management, and Agentic AI29.4.2026 16:00:00 EEST | Press release
Boomi, the data activation company, today announced continued analyst recognition across multiple strategic technology categories, underscoring the company’s momentum as enterprises look for a unified foundation to connect data, applications, APIs, automation, and AI. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260429987428/en/ Boomi Builds Analyst Momentum Across Integration, API Management, Data Management, and Agentic AI Over the past several months, Boomi has been recognized across integration, API management, data management, and agentic AI-related categories. The company was named a Leader and positioned highest for Ability to Execute in the 2026 Gartner® Magic Quadrant™ for Integration Platform as a Service, marking Boomi’s 12th consecutive year as a Leader. Boomi was also named a Leader in the IDC MarketScape: Worldwide API Management 2026 Vendor Assessment (doc #US52034025, March 2026) and was recognized as a Cha
CSC Urges Enterprises Evaluate Applying for .BRAND Domains to Navigate AI-Driven Domain Threats and Opportunities29.4.2026 16:00:00 EEST | Press release
CSC, an enterprise-class domain registrar and world leader in mitigating brand, fraud, domain, and domain name system (DNS) threats, today announced a new program to coincide with ICANN’s new Generic Top-Level Domain (gTLD) application window and to support enterprises submitting a .BRAND TLD application between April 30 and August 12, 2026. Owning a .BRAND domain gives an organization exclusive control over its entire domain infrastructure, mitigating third-party lookalike domain registrations that lead to phishing and domain spoofing. This will be the first time ICANN has opened applications for new gTLDs, including .BRANDs, since the inaugural round in 2012. There is no known date for a third window opening. As the largest provider of these domain services globally, CSC manages more than one-third (160+) of all .BRANDs, helping to secure many of the world’s most recognizable brands. Since the round one application window closed in 2012, CSC has provided continuous .BRAND registry ma
Driscoll's Names Wyard Stomp Chief Operating Officer and Expands Shaily Sanghvi's Role to Lead Global Strategy29.4.2026 16:00:00 EEST | Press release
Driscoll's, the world's leading berry brand, today announced two leadership appointments to support CEO Soren Bjorn's long-term strategy to scale the company's proven, flavor-first business model globally, bringing the same deliberate approach that made Driscoll's the #2 retail food and beverage brand in the United States to consumers in every market the company serves. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260429432633/en/ Wyard Stomp has been appointed Chief Operating Officer (COO), a newly created role, while continuing to lead Driscoll's Europe, Middle East, and Africa (EMEA) business. As COO, Stomp will partner closely with the Executive Leadership Team to turn strategy into action, lead cross-functional initiatives, and ensure the company executes at the pace required to support its global growth ambitions. Stomp joined Driscoll's in 2012 and has held several senior leadership roles in Europe and the United St
Dubai Records the World’s Lowest Electricity Customer Minutes Lost at Just 49 Seconds Per Year29.4.2026 15:47:00 EEST | Press release
HE Saeed Mohammed Al Tayer, MD & CEO of Dubai Electricity and Water Authority (DEWA), announced that DEWA has set a new world record for the lowest electricity customer minutes lost (CML), at just 0.82 minutes (about 49 seconds) per year. With this significant achievement, DEWA has surpassed its own previous world record of 0.94 minutes in 2024, representing an improvement of around 13%. This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260429386479/en/ Dubai records the world’s lowest electricity customer minutes lost at just 49 seconds per year (Photo: AETOSWire) “We work in line with the vision and directives of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, to provide the best electricity and water infrastructure in the world. We utilise the latest technologies of the Fourth Industrial Revolution, particularly artificial intelligence, which we are fully i
In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.
Visit our pressroom