Proprietary, Microsoft Holes, and UEFI Flaws
-
Microsoft says it caught an Austrian spyware group using previously unknown Windows exploits [iophk: Windows TCO]
The new information about Microsoft’s tracking and mitigation of DSIRF / KNOTWEED’s exploits was published at the same time as a written testimony document submitted to the hearing on “Combatting the Threats to U.S. National Security from the Proliferation of Foreign Commercial Spyware,” held July 27th.
-
US, Ukraine sign pact to expand cooperation in cyberspace [iophk: Windows TCO]
CISA signed a memorandum of cooperation with the Ukrainian State Service of Special Communications and Information Protection of Ukraine (SSSCIP) amid the eastern European country’s ongoing war with Russia, an aggressor in the digital realm that has attacked both Ukrainian and American cyber networks and infrastructure in the past.
The cooperation pact bolsters information sharing on cyber incidents and creates pathways between the two agencies to share key data on critical infrastructure. It also authorizes joint exercises and training sessions between the two agencies.
-
Ransomware attacks enabled by malicious insiders warns Gigamon [iophk: Windows TCO]
Nearly one-third of organisations have suffered a ransomware attack enabled by a malicious insider, a threat seen as commonly as the accidental insider (35%), according to a new report from cloud visibility and analytics company Gigamon.
-
Government Should Incentivize Information Sharing for Ransomware Attacks, Experts Say [iophk: Windows TCO]
The Cyber Incident Reporting for Critical Infrastructure Act passed in March does not cover private companies who do not operate in the critical infrastructure sectors and does not include safe harbor and shield laws that would encourage private companies to engage in the process.
Oftentimes, companies will avoid interacting with law enforcement to avoid the stigma associated with being a victim of a cyberattack and out of fear of being held liable by regulators and investors, said Trent Teyema, senior fellow at technology policy university collaborative GeoTech Center.
-
CosmicStrand: a UEFI rootkit
Since UEFI firmware is embedded in a chip on the motherboard and not written to the hard drive, it is immune to any hard drive manipulations. Therefore, it is very difficult to get rid of UEFI-based malware: even wiping the drive and reinstalling the operating system will not touch UEFI. For this same reason, not all security solutions can detect malware hidden in UEFI. Simply put, once malware has made its way into the firmware, it is there to stay.
-
Chinese UEFI Rootkit Found on Gigabyte and Asus Motherboards
Security researchers with Kaspersky have analyzed a UEFI firmware rootkit that appears to target specific motherboard models from Gigabyte and Asus.
-
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely crash the victim machine. In our APT predictions for 2022, we noted that despite these risks, we expected more attackers to reach the sophistication level required to develop such tools. One of the main draws towards malware nested in such low levels of the operating system is that it is extremely difficult to detect and, in the case of firmware rootkits, will ensure a computer remains in an infected state even if the operating system is reinstalled or the user replaces the machine’s hard drive entirely.
In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor. One of our industry partners, Qihoo360, published a blog post about an early variant of this malware family in 2017.
-
Jul 25, 2022 New CosmicStrand UEFI Rootkit Variant Found By Dennis Fisher
Earlier this year, Kaspersky identified another UEFI rootkit called MoonBounce that was used against one known victim.
-
New UEFI Rootkit
Both links have lots of technical details; the second contains a list of previously discovered UEFI rootkits. Also relevant are the NSA’s capabilities—now a decade old—in this area.
-
Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us
Researchers have unpacked a major cybersecurity find—a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced.
The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. Because it’s the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows.