Subj : A new XZ backdoor scanner will be able to safeguard any Linux bin
To   : All
From : TechnologyDaily
Date : Wed Apr 03 2024 16:45:05

A new XZ backdoor scanner will be able to safeguard any Linux binary from 
threats

Date:
Wed, 03 Apr 2024 15:30:35 +0000

Description:
Binarly's scanner could save you a lot of time and a few headaches.

FULL STORY
======================================================================

IT teams worried about the XZ Utils supply chain attack can breathe a bit 
more easily after Binarly released a free online scanner to ease worries. 

Cybersecurity researchers looking into slow SSH logins on Debian Sid recently 
discovered a backdoor in the latest version of XZ Utils, a set of data 
compression tools and libraries, used by major Linux distros . 

The backdoor leveraged a vulnerability tracked as CVE-2024-3094, and was 
introduced to XZ version 5.6.0 by a pseudonymous attacker, and it persisted 
in 5.6.1. Soon after its discovery, the cybersecurity community rallied to 
address the issue, with CISA suggesting downgrading the tool to 5.4.6. 
Stable, and then hunting for, and reporting, any malicious activity. Better 
results 

Other security teams started byte string matching, file hash blocklisting, 
and different YARA rules, all of which werent exceptionally effective. Some 
even led to false positives, which only made the problem worse. 

Enter Binarly, with a dedicated scanner that works for the particular 
library, and any file with the same backdoor. 

"Such a complex and professionally designed comprehensive implantation 
framework is not developed for a one-shot operation. It could already be 
deployed elsewhere or partially reused in other operations. That's exactly 
why we started focusing on more generic detection for this complex backdoor," 
Binarly said in its announcement. 

Compared to previous methods, this scanner returns better results, it was 
said, as it scans for various supply chain points beyond just the XZ Utils 
project. 

"This detection is based on behavioral analysis and can detect any variants 
automatically if a similar backdoor is implanted somewhere else," Binarly's 
lead security researcher and CEO, Alex Matrosov, told BleepingComputer . 
"Even after recompilation or code changes, we will detect it," Matrosov 
added. 

The scanner can be found at xz.fail. More from TechRadar Pro Huge backdoor 
discovered that could compromise SSH logins on Linux Here's a list of the 
best firewalls around today These are the best endpoint security tools right 
now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/a-new-xz-backdoor-scanner-will-be-able-
to-safeguard-any-linux-binary-from-threats


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.