Threat Intelligence

The latest release of the Binarly Transparency Platform (version 3.5) introduces several new features designed to help organizations strengthen and secure software supply chains. One key enhancement is the integration and full support of YARA, the de facto standard widely used for malware detection, threat hunting, and digital forensics.

Binarly, the industry leader in software and firmware supply‑chain security, will take the keynote day stage at LABScon for the fourth year in a row, reinforcing the company's role as a go-to source for groundbreaking technical research at one of the cybersecurity industry's premier conferences. This year's presentation, Signed and Dangerous: BYOVD Attacks on Secure Boot, presents the first large-scale census of signed UEFI modules, drawn from both public threat intelligence feeds and Binarly's private telemetry.

The Binarly REsearch team conducted an analysis of signed UEFI modules and the findings show the true scale of the attack surface hidden inside Secure Boot's trust model. Across thousands of firmware images, we found that modern platforms typically trust approximately 1,500 signed modules, with some builds peaking above 4,000.

In this blog, we share a new finding in the XZ Utils saga: several Docker images built around the time of the compromise contain the backdoor. At first glance, this might not seem alarming: if the distribution packages were backdoored, then any Docker images based on them would be infected as well. However, what we discovered is that some of these compromised images are still publicly available on Docker Hub.

Introducing Exploitation Maturity Score (EMS), designed to measure the present by using real-world signals like public PoCs, exploit reliability, ransomware activity, public and private threat intelligence telemetry.

The latest release of the Binarly Transparency Platform introduces powerful new capabilities that bring clarity to the chaos of vulnerability management and software supply chain security. This update is purpose-built to help enterprise defenders to prioritize what truly matters and to surface the vulnerabilities that pose real, immediate security risk.

Over the past few years, the Binarly Research team has led the way in documenting security problems haunting the entire UEFI ecosystem. We presented our discoveries at major security conferences like OffensiveCon, Black Hat, LABScon and RE//verse to share data and collaborate with the industry to secure the UEFI ecosystem.

Microcode has always been a crucial component in platform security for the x86 ecosystem. Any vulnerability in microcode leads to significant issues and long-standing side effects across the entire industry. Last week, we witnessed a rare instance of such a vulnerability highlighting potential gaps in AMD's product security practices, prompting industry-wide discussion on the security implications for confidential computing.

Binarly REsearch provides a retrospective view on how updates to dbx were handled, both for this new CVE and in the past.

After discovering PKFail, the Binarly REsearch team went on the hunt for other instances of non-production test keys being used in firmware binaries. In this case, non-production test keys were originally generated by reference implementation vendors sitting at the top of the supply chain and then propagated to downstream vendors which often failed to replace them.

Uncover the UEFI's dark side with a groundbreaking study on Cross-Silicon Exploitation. Explore ARM's impact on UEFI security in this technical dive.

Uncover insights into key misuse in integrated firmware images with BINARLY's analysis of Intel's explanation. Discover the impact on the software supply chain.

BleepingComputer reports on BlackLotus bootkit source code leak.

Dark Reading covers BlackTech APT firmware attacks on Cisco devices.

Protect Your Devices: Uncover the Stealthy BlackTech Firmware Threat - Latest findings from NSA, FBI, CISA & NISC. Stay informed & secure.

Uncover the challenges of lingering vulnerabilities in reference code within a fractured ecosystem. Learn how these issues impact supply chains.

Uncover the impact of leaked MSI source code and Intel OEM keys on the software supply chain. Deep dive by BINARLY security experts. Implications revealed!

Uncover the secrets of the Black Lotus UEFI Bootkit. Explore the history and challenges of detecting and analyzing rootkits and bootkits. Dive into the world of advanced threat analysis.

Uncover vulnerabilities in UEFI firmware with insights on OpenSSL updates & SBOMs. Discover the impact on supply chain security. Stay informed.

Understand the repercussions of leaked Intel Boot Guard keys. Discover how it can impact the software supply chain. Stay informed with our insightful analysis.

Discover new attacks to bypass and disable Windows Management Instrumentation in the LABSCon Edition. Learn about the 'one-bit change attack' and its impact on endpoint security solutions.

Discover the dark world of firmware vulnerabilities and persistent cyber threats with Black Hat 2022. Unveiling the Intel PPAM attack story and more!

Discover how BINARLY's Research Team is boosting enterprise device security with coordinated disclosures. Stay informed on patching Dell BIOS vulnerabilities.

Unlock the depths of UEFI with Kaspersky Lab's new discovery, MoonBounce. Explore this intriguing UEFI firmware threat and the world of APT malware.

Uncover how the firmware supply chain security is at risk and explore solutions with BINARLY CEO's insights. Dive into the evolving threats.

Enhance firmware security with insights on modern EDR design flaws bypassing ETW-based solutions. Learn more from BINARLY experts at Black Hat Europe 2021.

Discover how BIOS Watchers safeguard against vulnerabilities in Intel Boot Guard implementation. Unveil key insights from recent research at Black Hat Vegas.