Secure Boot | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems. Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit , it was uploaded to the VirusTotal platform on November 5, 2024. "The bootkit's main goal is to disable the kernel's signature verification feature and to preload two as yet unknown ELF binaries via the Linux init process (which is the first process executed by the Linux kernel during system startup)," ESET researchers Martin Smolár and Peter Strýček said . The development is significant as it heralds a shift in the cyber threat landscape where UEFI bootkits are no longer confined to Windows systems alone . It's worth noting that Bootkitty is signed by a self-signed certificate, a...

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and Robert Herrera said . Successful exploitation of one of these flaws could allow a remote attacker to obtain covert audio capture from Sonos devices by means of an over-the-air attack. They impact all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which were shipped in October and November 2023. The findings were presented at Black Hat USA 2024. A description of the two security defects is as follows - CVE-2023-50809 - A vulnerability in the Sonos One Gen 2 Wi-Fi stack that does not properly validate an information element while negotiating a WPA2 four-wa...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

The maintainers of shim have released  version 15.8  to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as  CVE-2023-40547  (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been  credited  with discovering and reporting the bug. Major Linux distributions that use shim such as Debian , Red Hat , SUSE , and Ubuntu have all released advisories for the security flaw. "The shim's http boot support (httpboot.c) trusts attacker-controlled values when parsing an HTTP response, leading to a completely controlled out-of-bounds write primitive," Oracle's Alan Coopersmith  noted  in a message shared on the Open Source Security mailing list oss-security. Demirkapi, in a  post  shared on X (formerly Twitter) late last month, said the vulnerability...

The Unified Extensible Firmware Interface ( UEFI ) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled  LogoFAIL  by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel Boot Guard, and other security technologies by design." Furthermore, they can be weaponized to bypass security solutions and deliver persistent malware to compromised systems during the boot phase by injecting a malicious logo image file into the  EFI system partition . While the issues are not silicon-specific, meaning they impact both x86 and ARM-based devices, they are also UEFI and IBV-specific. The vulnerabilities comprise a heap-based buffer overflow flaw and an out-of-bounds read, details of which are expected to be made public later this week at the  Black Hat Europe con...

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as  CVE-2022-4020 , the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "may allow changes to Secure Boot settings by creating NVRAM variables." Credited with  discovering  the flaw is ESET researcher Martin Smolár, who previously disclosed  similar bugs  in Lenovo computers. Disabling Secure Boot, an integrity mechanism that guarantees that only trusted software is loaded during system startup, enables a malicious actor to tamper with  boot loaders , leading to severe consequences. This includes  granting  the attacker complete control over the operating system loading process as well as "disable or bypass protections t...

PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS," Slovak cybersecurity firm ESET  explained  in a series of tweets. UEFI refers to software that acts as an interface between the operating system and the firmware embedded in the device's hardware. Because UEFI is  responsible  for launching the operating system when a device is powered on, it has made the technology an attractive option for threat actors looking to  drop malware  that's difficult to detect and remove. Viewed in that light, the flaws, tracked as CVE-2022-3430, CVE-2022-3431, and CVE-2022-3432, could be abused by an adversary to turn off Secure Boot, a security mechanism that's designed to prevent malicious programs ...

A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface ( UEFI ) boot loaders that allow bypass of the UEFI Secure Boot feature. "These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader instead of the existing one," hardware security firm Eclypsium  said  in a report shared with The Hacker News. The following  vendor-specific boot loaders , which were signed and authenticated by Microsoft, have been found vulnerable to the bypass and have been patched as part of the tech giant's  Patch Tuesday update  released this week - Eurosoft Boot Loader ( CVE-2022-34301 ) New Horizon Data Systems Inc Boot Loader ( CVE-2022-34302 ), and Crypto Pro Boot Loader ( CVE-20220-34303 ) Secure Boot is a  security standard  designed to thwart maliciou...

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. Dubbed ' BootHole ' and tracked as CVE-2020-10713 , the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could potentially let attackers bypass the Secure Boot feature and gain high-privileged persistent and stealthy access to the targeted systems. Secure Boot is a security feature of the Unified Extensible Firmware Interface (UEFI) that uses a bootloader to load critical components, peripherals, and the operating system while ensuring that only cryptographically signed code executes during the boot process. "One of the explicit design goals of Secure Boot is to prevent unauthorized code, even running with administrator privileges, from gaining additional privileges and pre-OS pers...

Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects multiple Cisco products that support Trust Anchor module (TAm). Trust Anchor module (TAm) is a hardware-based Secure Boot functionality implemented in almost all of Cisco enterprise devices since 2013 that ensures the firmware running on hardware platforms is authentic and unmodified. However, researchers found a series of hardware design flaws that could allow an authenticated attacker to make the persistent modification to the Trust Anchor module via FPGA bitstream modification and load the malicious bootloader. "An attacker with root privileges on the device can modify the contents of...

It's True  —  There is no such backdoor that only its creator can access. Microsoft has accidentally leaked the Secret keys that allow hackers to unlock devices protected by UEFI ( Unified Extensible Firmware Interface ) Secure Boot feature. What's even worse? It will be impossible for Microsoft to undo its leak. Secure Boot is a security feature that protects your device from certain types of malware, such as a rootkit, which can hijack your system bootloader, as well as, Secure Boot restricts you from running any non-Microsoft operating system on your device. In other words, when Secure Boot is enabled, you will only be able to boot Microsoft approved ( cryptographically signature checking ) operating systems. However, the Golden Keys disclosed by two security researchers, using alias MY123 and Slipstream , can be used to install non-Windows operating systems, say GNU/Linux or Android, on the devices protected by Secure Boot. Moreover, according to the blog po...

Windows 8 PCs contain a new technology called Secure Boot that only boots devices that have been verified by Microsoft. Also Microsoft's own Offline Defender won't boot on Windows 8 PCs with Secure Boot on. Neither will Norton's Bootable Recovery Tool. We asked the guys at FixMeStick how their external hardware-based anti-malware device can boot on brand new Windows 8 hardware with Secure boot on, as well as 10 year old PCs with 32 processors running XP. Here's their answer: 1. It got a Master Boot Record. : In other words, it boots on BIOS-based PCs, essentially all PCs prior to Windows 8. 2. and it got UEFI boot partition : It also got a UEFI boot partition, so it will boot on PCs with the latest UEFI firmware too. 3. It's 32 bit : There's a 32 bit operating system on the stick so it will work with 32 bit microprocessors. Most rescue ISOs\disks are 32 bit only, so by default they work on 32 bit processors and 64 bit processors. 4. and it's 64...