Security News

Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled. "An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software," Microsoft explains.

Microsoft has acknowledged a new issue impacting Windows 10 customers that might cause booting to fail on devices where the chkdsk tool has been used to repair logical file system errors. Chkdsk is a command-line utility that can be used to check a Windows device's volumes for file system and file system metadata logical and physical errors.

Researchers have discovered a raft of malicious gaming apps on Google Play that come loaded with adware, signaling that the tech giant continues to struggle with keeping bad apps off its online marketplace. Among these endeavors include stronger vetting mechanisms-which resulted in more than 790,000 apps that violate Google's policies for app submission stopped last year before they were ever published-as well as an alliance with three endpoint security firms to help stop malicious apps before they get to Google Play.

Apple's T2 security chip is insecure and cannot be fixed, a group of security researchers report. Over the past three years, a handful of hackers have delved into the inner workings of the custom silicon, fitted inside recent Macs, and found that they can use an exploit developed for iPhone jailbreaking, checkm8, in conjunction with a memory controller vulnerability known as blackbird, to compromise the T2 on macOS computers.

According to the NSA incompatibility issues often result in Secure Boot being disabled, which the agency advises against. "Customization enables administrators to realize the benefits of boot malware defenses, insider threat mitigations, and data-at-rest protections. Administrators should opt to customize Secure Boot rather than disable it for compatibility reasons. Customization may - depending on implementation - require infrastructures to sign their own boot binaries and drivers," the NSA says.

The American surveillance super-agency's 39-page explainer [PDF] covers UEFI security and, in particular, how folks can master Secure Boot and avoid switching it off for compatibility reasons. Secure Boot is a mechanism that uses cryptography to ensure you're booting an operating system that hasn't been secretly meddled with; any addition of a bootkit or rootkit should be caught by Secure Boot.

According to Eclypsium researchers, the bug tracked as CVE-2020-10713 could allow attackers to get around these protections and execute arbitrary code during the boot-up process, even when Secure Boot is enabled and properly performing signature verification. "During the parser stage, the configuration values are copied to internal buffers stored in memory. Configuration tokens that are longer in length than the internal buffer size end up leading to a buffer overflow issue. An attacker may leverage this flaw to execute arbitrary code, further hijacking the machine's boot process and bypassing Secure Boot protection. Consequently, it is possible for unsigned binary code to be loaded, further jeopardizing the integrity of the system."

An annoying vulnerability in the widely used GRUB2 bootloader can be potentially exploited by malware or a rogue insider already on a machine to thoroughly compromise the operating system or hypervisor while evading detection by users and security tools. Any system on which GRUB2 can be installed and run at boot-time is potentially vulnerable.

According to BlackBerry, the Tycoon attack can be difficult to detect, thanks to it being written in Java and deployed within its own Runtime Environment. Admins of Cisco Nexus and UCS gear should make sure their firmware is updated with the latest NX-OS fix from Switchzilla.

Boots, a UK pharmacy chain, has suspended payments on the loyalty cards of 14.4 million active customers after its security team spotted "Unusual" activity on a number of Boots Advantage Card accounts. If Boots wasn't hacked, then where did crooks get the credentials that they've evidently used to try to get into people's Advantage Card accounts so they can make fraudulent purchases on what we refer to in the States as "Somebody else's dime?".