Security News

Microsoft fixes Secure Boot bug allowing Windows rootkit installation
2021-01-13 11:24

Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled. "An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software," Microsoft explains.

Microsoft fixes Windows 10 chkdsk bug causing boot failures
2020-12-21 08:43

Microsoft has acknowledged a new issue affecting Windows 10 customers that might cause boot failures on devices where the chkdsk tool has been used to repair logical file system errors. Chkdsk is a command-line utility that checks a Windows volume's file system and file system metadata for logical and physical errors.

Google Boots 21 Bogus Gaming Apps from Play Marketplace
2020-10-27 12:10

Researchers have discovered a raft of malicious gaming apps on Google Play that come loaded with adware, signaling that the tech giant continues to struggle with keeping bad apps off its online marketplace despite its efforts to do so. Those efforts include stronger vetting mechanisms, which last year stopped more than 790,000 apps that violated Google's submission policies before they were ever published, as well as an alliance with three endpoint security firms to help stop malicious apps before they reach Google Play.

Apple's T2 custom secure boot chip is not only insecure, it cannot be fixed without replacing the silicon
2020-10-08 11:04

Apple's T2 security chip is insecure and cannot be fixed, a group of security researchers report. Over the past three years, a handful of hackers have delved into the inner workings of the custom silicon, fitted inside recent Macs, and found that they can use an exploit developed for iPhone jailbreaking, checkm8, in conjunction with a memory controller vulnerability known as blackbird, to compromise the T2 on macOS computers.

NSA Publishes Guidance on UEFI Secure Boot Customization
2020-09-16 11:53

According to the NSA, incompatibility issues often result in Secure Boot being disabled, which the agency advises against. "Customization enables administrators to realize the benefits of boot malware defenses, insider threat mitigations, and data-at-rest protections. Administrators should opt to customize Secure Boot rather than disable it for compatibility reasons. Customization may - depending on implementation - require infrastructures to sign their own boot binaries and drivers," the NSA says.

Worried about bootkits, rootkits, UEFI nasties? Have you tried turning on Secure Boot, asks the No Sh*! Agency
2020-09-16 00:40

The American surveillance super-agency's 39-page explainer [PDF] covers UEFI security and, in particular, how folks can master Secure Boot and avoid switching it off for compatibility reasons. Secure Boot is a firmware mechanism that checks the digital signature on each early-boot binary (the OS loader, drivers, and so on) against keys stored in the firmware before running it, so an operating system that has been secretly meddled with should be refused; any addition of a bootkit or rootkit to the boot chain should be caught by Secure Boot.

Billions of Devices Impacted by Secure Boot Bypass
2020-07-29 19:53

According to Eclypsium researchers, the bug tracked as CVE-2020-10713 could allow attackers to get around Secure Boot's protections and execute arbitrary code during the boot-up process, even when Secure Boot is enabled and properly performing signature verification. "During the parser stage, the configuration values are copied to internal buffers stored in memory. Configuration tokens that are longer in length than the internal buffer size end up leading to a buffer overflow issue. An attacker may leverage this flaw to execute arbitrary code, further hijacking the machine's boot process and bypassing Secure Boot protection. Consequently, it is possible for unsigned binary code to be loaded, further jeopardizing the integrity of the system."

GRUB2, you're getting too bug for your boots: Config file buffer overflow is a boon for malware seeking to drill deeper into a system
2020-07-29 17:00

An annoying vulnerability in the widely used GRUB2 bootloader can be potentially exploited by malware or a rogue insider already on a machine to thoroughly compromise the operating system or hypervisor while evading detection by users and security tools. Any system on which GRUB2 can be installed and run at boot-time is potentially vulnerable.
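The two GRUB2 items above describe the same bug class: a config-file token is copied into a fixed-size internal buffer without checking that it fits, so an oversized token overwrites whatever follows the buffer. The C below is an added illustration of that pattern and of the bounds check that closes it; it is not GRUB2's source, and the buffer size, the guard bytes, the config lines and the function names are all assumptions made for the demonstration. The overrun is modelled inside a single array so the program stays well-defined while still showing the bytes after the buffer being clobbered.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sizes are assumptions for this illustration, not GRUB2's real values. */
#define TOKEN_BUF  32   /* internal buffer one config token is copied into */
#define GUARD_LEN   8   /* bytes that happen to lie right after that buffer */

/* The token buffer and the memory that follows it, modelled as ONE array so
 * that the overrun demonstrated below stays inside a single object. In the
 * real bug class the bytes past the buffer are other parser state. */
struct parser_state {
    unsigned char mem[TOKEN_BUF + GUARD_LEN];
};

enum outcome { OUTCOME_OK = 0, OUTCOME_OVERRUN = 1, OUTCOME_REJECTED = 2 };

static void reset_state(struct parser_state *st) {
    memset(st->mem, 0, TOKEN_BUF);
    memset(st->mem + TOKEN_BUF, 0xAA, GUARD_LEN);   /* sentinel after the buffer */
}

/* A token is a run of bytes up to a space, newline or end of string. */
static size_t token_len(const char *src) {
    size_t n = 0;
    while (src[n] != '\0' && src[n] != ' ' && src[n] != '\n') n++;
    return n;
}

/* Vulnerable pattern: the copy trusts the input to be shorter than the
 * buffer. Nothing compares n against TOKEN_BUF. (The sample input below is
 * kept under sizeof st->mem so this demo never writes outside the array.) */
static void copy_token_unsafe(struct parser_state *st, const char *src) {
    size_t n = token_len(src);
    memcpy(st->mem, src, n);
    st->mem[n] = '\0';
}

/* Hardened form: reject a token that cannot fit together with its NUL.
 * Refusing is safer than silently truncating, which would change the
 * meaning of the configuration. */
static int copy_token_safe(struct parser_state *st, const char *src) {
    size_t n = token_len(src);
    if (n >= TOKEN_BUF) return -1;
    memcpy(st->mem, src, n);
    st->mem[n] = '\0';
    return 0;
}

/* Returns 1 while the sentinel bytes after the buffer are untouched. */
static int guard_intact(const struct parser_state *st) {
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (st->mem[TOKEN_BUF + i] != 0xAA) return 0;
    return 1;
}

/* Feeds one config line, token by token, through the chosen copier. */
static enum outcome parse_line(const char *line, int hardened) {
    struct parser_state st;
    reset_state(&st);
    for (const char *p = line; *p != '\0'; ) {
        while (*p == ' ' || *p == '\n') p++;
        if (*p == '\0') break;
        size_t n = token_len(p);
        if (hardened) {
            if (copy_token_safe(&st, p) != 0) return OUTCOME_REJECTED;
        } else {
            copy_token_unsafe(&st, p);
            if (!guard_intact(&st)) return OUTCOME_OVERRUN;
        }
        p += n;
    }
    return OUTCOME_OK;
}

/* Constructed sample config lines (not real grub.cfg content). The second
 * carries a 36-byte token: longer than TOKEN_BUF, shorter than the array. */
static const char BENIGN_LINE[]    = "set root=(hd0,gpt2)\n";
static const char OVERSIZED_LINE[] = "set root=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n";

int main(void) {
    printf("unsafe, benign line:    %d\n", parse_line(BENIGN_LINE, 0));    /* 0: ok */
    printf("unsafe, oversized line: %d\n", parse_line(OVERSIZED_LINE, 0)); /* 1: overrun */
    printf("safe,   benign line:    %d\n", parse_line(BENIGN_LINE, 1));    /* 0: ok */
    printf("safe,   oversized line: %d\n", parse_line(OVERSIZED_LINE, 1)); /* 2: rejected */
    return 0;
}
```

The point to carry over to real parsers is that the length check has to happen before the copy and has to account for the terminator; a token that is exactly TOKEN_BUF bytes long already overruns by one. Note also why this matters for Secure Boot specifically: the config file is not signed, only the GRUB2 binary is, so a writable config file is an unsigned input feeding a signed, trusted component.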

Tycoon malware rages through US schools, LG's boot problem, and QNAP admins had better get busy
2020-06-08 07:45

According to BlackBerry, the Tycoon attack can be difficult to detect, thanks to it being written in Java and deployed within its own Runtime Environment. Admins of Cisco Nexus and UCS gear should make sure their firmware is updated with the latest NX-OS fix from Switchzilla.

Boots yanks loyalty card payouts after 150K accounts get stuffed
2020-03-06 10:53

Boots, a UK pharmacy chain, has suspended payments on the loyalty cards of 14.4 million active customers after its security team spotted "unusual" activity on a number of Boots Advantage Card accounts. If Boots wasn't hacked, then where did crooks get the credentials that they've evidently used to try to get into people's Advantage Card accounts so they can make fraudulent purchases on what we refer to in the States as "somebody else's dime"?