In this episode, we'll be exploring a particularly intriguing file type: polyglot files. These digital shapeshifters have become a powerful tool in the arsenal of cyber attackers, capable of bypassing security measures, confusing systems, and delivering malicious payloads in ways that are both creative and devastating.

Over the next 20 to 30 minutes or so, we'll break down what polyglot files are, how they work, and why they're so dangerous. We'll also examine some real-world examples where polyglot files were used in cyberattacks. We will reference the MITRE ATT&CK framework to understand how these techniques fit into the broader landscape of adversarial tactics. Finally, we'll discuss mitigation strategies and close with a cybersecurity myth that needs busting.

Before we dive into the main topic, let's glance at what is happening on the security front: the UEFI Secure Boot bypass vulnerability.

- https://en.wikipedia.org: Polyglot
- https://attack.mitre.org: Masquerading
- https://arxiv.org: Where the Polyglots Are: How Polyglot Files Enable Cyber Attack Chains and Methods for Detection & Disarmament
- https://medium.com: Polyglot Files A Hackers Best Friend
- https://www.bleepingcomputer.com: New polyglot malware hits aviation, satellite communication firms

Be sure to subscribe! You can also stream from https://yusufonsecurity.com, where you will find a list of all previous episodes too.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
In this episode, we cover how to use honeypot data to keep your offensive infrastructure alive longer, three critical vulnerabilities in SimpleHelp that must be patched now, and an interesting vulnerability affecting many systems that allows a UEFI Secure Boot bypass.

Leveraging Honeypot Data for Offensive Security Operations [Guest Diary]
A recent guest diary on the SANS Internet Storm Center discusses how offensive security professionals can utilize honeypot data to enhance their operations. The diary highlights the detection of scans from multiple IP addresses, emphasizing the importance of monitoring non-standard user-agent strings in web requests.
https://isc.sans.edu/diary/Leveraging%20Honeypot%20Data%20for%20Offensive%20Security%20Operations%20%5BGuest%20Diary%5D/31596

Security Vulnerabilities in SimpleHelp 5.5.7 and Earlier
SimpleHelp has released version 5.5.8 to address critical security vulnerabilities present in versions 5.5.7 and earlier. Users are strongly advised to upgrade to the latest version to prevent potential exploits. Detailed information and upgrade instructions are available on SimpleHelp's official website.
https://simple-help.com/kb---security-vulnerabilities-01-2025#send-us-your-questions

Under the Cloak of UEFI Secure Boot: Introducing CVE-2024-7344
ESET researchers have identified a new vulnerability, CVE-2024-7344, that allows attackers to bypass UEFI Secure Boot on most UEFI-based systems. This flaw enables the execution of untrusted code during system boot, potentially leading to the deployment of malicious UEFI bootkits. Affected users should apply available patches to mitigate this risk.
https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/
ESET researchers have discovered a vulnerability affecting the majority of UEFI-based systems that allows actors to bypass UEFI Secure Boot. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate.

ESET researchers discovered a new vulnerability, CVE-2024-7344, that allows actors to bypass UEFI Secure Boot on the majority of UEFI-based systems. Exploitation of this vulnerability allows execution of untrusted code during system boot, enabling deployment of malicious UEFI bootkits. The issue was fixed by affected vendors; the vulnerable binaries were revoked by Microsoft in the January 14, 2025, Patch Tuesday update.

Exploitation of this vulnerability can lead to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the operating system installed. ESET reported the findings to the CERT Coordination Center (CERT/CC) in June 2024, which successfully contacted the affected vendors. The issue has now been fixed in affected products, and the old, vulnerable binaries were revoked by Microsoft in the January 14, 2025, Patch Tuesday update.

The affected UEFI application is part of several real-time system recovery software suites developed by Howyar Technologies Inc., Greenware Technologies, Radix Technologies Ltd., SANFONG Inc., Wasay Software Technology Inc., Computer Education System Inc., and Signal Computer GmbH.

"The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window shows that even such an essential feature as UEFI Secure Boot should not be considered an impenetrable barrier," says ESET researcher Martin Smolár, who discovered the vulnerability. "However, what concerns us the most with respect to the vulnerability is not the time it took to fix and revoke the binary, which was quite good compared to similar cases, but the fact that this isn't the first time that such an obviously unsafe signed UEFI binary has been discovered. This raises questions of how common the use of such unsafe techniques is among third-party UEFI software vendors, and how many other similar obscure, but signed, bootloaders there might be out there."

Exploitation of this vulnerability is not limited to systems with the affected recovery software installed, as attackers can bring their own copy of the vulnerable binary to any UEFI system with the Microsoft third-party UEFI certificate enrolled. Also, elevated privileges are required to deploy the vulnerable and malicious files to the EFI system partition (local administrator on Windows; root on Linux).

The vulnerability is caused by the use of a custom PE loader instead of using the standard and secure UEFI functions LoadImage and StartImage. All UEFI systems with Microsoft third-party UEFI signing enabled are affected (Windows 11 Secured-core PCs should have this option disabled by default).

The vulnerability can be mitigated by applying the latest UEFI revocations from Microsoft. Windows systems should be updated automatically. Microsoft's advisory for the CVE-2024-7344 vulnerability can be found here. For Linux systems, updates should be available through the Linux Vendor Firmware Service.

For a more detailed analysis and technical breakdown of the UEFI vulnerability, check out the latest ESET Research blog post, "Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344" on WeLiveSecurity.com.

Guest post by ESET Ireland. You can follow ESET Ireland on X (ex-Twitter), Facebook or LinkedIn for more cybersecurity tips.
President Biden issues a comprehensive cybersecurity executive order. Updates on Silk Typhoon's US Treasury breach. A Chinese telecom hardware firm is under FBI investigation. A critical vulnerability has been found in the UEFI Secure Boot mechanism. California-based cannabis brand Stiiizy suffers a data breach. North Korea's Lazarus Group lures freelance developers. The FTC highlights major security failures at web hosting giant GoDaddy. Veeam patches a critical vulnerability in their Backup for Microsoft Azure product. Hackers leak sensitive data from over 15,000 Fortinet firewalls. Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. Shiver me timbers! Meta's AI trains on a treasure chest of pirated books.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. You can read more in their "The State of Healthcare Cybersecurity 2025" report.

Selected Reading
- Biden to sign executive order on AI and software security (Axios)
- Treasury Breach by Chinese Sponsored Hackers Focused on Sanctions, Report Says (Bloomberg)
- Exclusive: Chinese tech firm founded by Huawei veterans in the FBI's crosshairs (Reuters)
- New UEFI Secure Boot Bypass Vulnerability Exposes Systems to Malicious Bootkits (Cyber Security News)
- 380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy (SecurityWeek)
- North Korean Hackers Targeting Freelance Software Developers (SecurityWeek)
- GoDaddy Accused of Serious Security Failings by FTC (Infosecurity Magazine)
- Veeam Azure Backup Solution Vulnerability Allows Attackers To Enumerate Network (Cyber Security News)
- Hacking group leaks Fortinet users' details on dark web (Computing)
- Meta Secretly Trained Its AI on a Notorious Piracy Database, Newly Unredacted Court Docs Reveal (WIRED)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
We explore the certificate issue in which Secure Boot is potentially compromised because certificates have been compromised in ways that make them easy to use as an attack vector. This is a very significant flaw and something that should be on your purview and radar to fix. We're going to talk about what the issue is, why it's important, how Secure Boot works, and what you can do to mitigate this problem in your own infrastructure. This is a really important episode for anybody running or managing desktops, data centers or infrastructure of any type.

Transcript: https://otter.ai/u/59uYpJpra5SutJOpEB_bPZ2CUqI?utm_source=copy_url
ESET believes this bootkit is likely an initial proof of concept, and based on ESET telemetry, it has not been deployed in the wild. However, it is the first evidence that UEFI bootkits are no longer confined to Windows systems alone. The bootkit's main goal is to disable the kernel's signature verification feature and to preload two as yet unknown ELF binaries via the Linux "init" process (which is the first process executed by the Linux kernel during system startup). The previously unknown UEFI application, named "bootkit.efi," was uploaded to VirusTotal.

Bootkitty is signed by a self-signed certificate, and thus is not capable of running on systems with UEFI Secure Boot enabled by default. However, Bootkitty is designed to boot the Linux kernel seamlessly, whether UEFI Secure Boot is enabled or not, as it patches, in memory, the necessary functions responsible for integrity verification. The bootkit is an advanced rootkit that is capable of replacing the boot loader, and of patching the kernel ahead of its execution. Bootkitty allows the attacker to take full control over the affected machine, as it co-opts the machine's booting process, and executes malware before the operating system has even started.

During the analysis, ESET discovered a possibly related unsigned kernel module that ESET named BCDropper, with signs suggesting that it could have been developed by the same author(s) as Bootkitty. It deploys an ELF binary responsible for loading yet another kernel module unknown at the time of analysis.

"Bootkitty contains many artifacts, suggesting that this is more like a proof of concept than the work of a threat actor. Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems since it can affect only a few Ubuntu versions, it emphasizes the necessity of being prepared for potential future threats," says ESET researcher Martin Smolar, who analyzed Bootkitty. "To keep your Linux systems safe from such threats, make sure that UEFI Secure Boot is enabled, your system firmware, security software and OS are up-to-date, and so is your UEFI revocations list," he adds.

After booting up a system with Bootkitty in the ESET testing environment, researchers noticed that the kernel was marked as tainted (a command can be used to check the tainted value), which was not the case when the bootkit was absent. Another way to tell whether the bootkit is present on a system with UEFI Secure Boot enabled is by attempting to load an unsigned dummy kernel module during runtime. If the bootkit is present, the module will be loaded; if not, the kernel refuses to load it. A simple remedy to get rid of the bootkit, when the bootkit is deployed as "/EFI/ubuntu/grubx64.efi", is to move the legitimate "/EFI/ubuntu/grubx64-real.efi" file back to its original location, which is "/EFI/ubuntu/grubx64.efi".

Over the past few years, the UEFI threat landscape, particularly that of UEFI bootkits, has evolved significantly. It all started with the first UEFI bootkit proof of concept (PoC), described by Andrea Allievi in 2012, which served as a demonstration of deploying bootkits on modern UEFI-based Windows systems, and was followed by many other PoCs (EfiGuard, Boot Backdoor, UEFI-bootkit). It took several years until the first two real UEFI bootkits were discovered in the wild (one of those was ESPecter in 2021 by ESET), and it took two more years until the infamous BlackLotus, the first UEFI bootkit capable of bypassing UEFI Secure Boot on up-to-date systems, appeared (in 2023, discovered by ESET). A common thread among these publicly known bootkits was their exclusive targeting of Windows systems.

For a more detailed analysis and technical breakdown of Bootkitty, the first bootkit for Linux, check out the latest ESET Research blogpost, "Bootkitty: Analyzing the first UEFI bootkit for Linux," on WeLiveSecurity.com.
Make sure to follow ESET Research on X for the latest news from ESET Rese...
Something is rolling toward us: Microsoft is changing Secure Boot for Windows. The pitfalls of this security feature, in the podcast Bit-Rauschen, episode 2024/7.
Towards the end of 2022, an unknown threat actor boasted online that they created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could mysteriously bypass UEFI Secure Boot, a feature built into all modern computers to prevent them from running unauthorized software. What at first sounded like a myth turned into reality a few months later when ESET researchers discovered a sample that perfectly matched all the mentioned attributes of a UEFI bootkit known as BlackLotus. Listen to the fascinating story of ESET Malware Researcher Martin Smolár describing his threat hunt to our host ESET Distinguished Researcher Aryeh Goretsky. For more info about this research, read the blogpost on WeLiveSecurity.com.

Host: Aryeh Goretsky, ESET Distinguished Researcher
Guest: Martin Smolár, ESET Malware Researcher
Materials: BlackLotus UEFI bootkit: Myth confirmed
- Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist
- CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds
- Meta unveils a new large language model that can run on a single GPU
- BlackLotus bootkit bypasses UEFI Secure Boot on patched Windows 11
- Microsoft to Store World's Music Collection on Quartz Wafers

Andre Keartland, Solutions Architect at Netsurit Professional Services, talks about how enterprise organizations can implement DevSecOps to enhance security.

Hosts: Louis Maresca, Brian Chee, and Curtis Franklin
Guest: André Keartland

Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Sponsors: bitwarden.com/twit kolide.com/twiet decisions.com/twit
On The Cloud Pod this week, the team struggles with scheduling to get everyone in the same room for just one week. Plus, Microsoft increases pay for talent retention while changing licensing for European Cloud Providers, Google Cloud introduces AlloyDB for PostgreSQL, and AWS announces EC2 support for NitroTPM. A big thanks to this week's sponsor, Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights
The GNOME Foundation and Endless launch a new contest aimed at engaging young coders with FOSS, Tails 4.5 brings support for UEFI Secure Boot, the first release of Krustlet brings WebAssembly to Kubernetes, and Qt considers further limiting access to its releases.
In the first (test) episode of our podcast we talk about the recent revelations disclosed in the Bloomberg article about hardware implants (backdoors) being installed in motherboards manufactured by Supermicro. According to the source, small integrated circuits were allegedly discovered whose supposed purpose was to exfiltrate information from servers running in American telecommunications networks and in popular cloud services and social networks.

Since we develop firmware (Firmware/BIOS) for a living, and therefore have practical knowledge of both hardware design and embedded software standards, we decided to take a closer look at these revelations and confront them with the facts.

At the beginning of the episode we give general background on hardware implants (backdoors). Listeners more versed in the topic can skip straight to minute 15, where we begin the technical analysis of a plausible attack scenario that would be consistent with the information presented by Bloomberg. During our analysis we refer to standards such as: BMC, IPMI, ACPI, UEFI, ATF, NC-SI, TPM.

If you are looking for hard technical documents on these topics, be sure to check the links below.

Hosts: Radosław Biernacki, Michał Stanek, Jan Dąbroś, Wojciech Macek

Links (want to know more?):

Hardware trojan:
https://en.wikipedia.org/wiki/Hardware_Trojan

Bloomberg:
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

Other sources on the publication:
https://www.servethehome.com/yossi-appleboum-disagrees-bloomberg-is-positioning-his-research-against-supermicro/
https://www.servethehome.com/explaining-the-baseboard-management-controller-or-bmc-in-servers/
https://securinghardware.com/articles/hardware-implants/

IPMI - because ACPI and UEFI weren't terrifying enough:
https://www.youtube.com/watch?v=GZeUntdObCA

BMC/IPMI:
https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ipmi-second-gen-interface-spec-v2-rev1-1.pdf
https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
https://www.reddit.com/r/homelab/comments/74o47w/psa_do_not_connect_your_ipmi_to_outside_world/

OpenBMC:
https://www.youtube.com/watch?v=HO9qDPoWWrg
https://github.com/openbmc/openbmc

UEFI:
https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface
https://github.com/tianocore/edk2

ACPI:
https://en.wikipedia.org/wiki/Advanced_Configuration_and_Power_Interface
http://www.uefi.org/sites/default/files/resources/ACPI_6_2.pdf
https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Heasman.pdf

ARM Trusted Firmware / UEFI Secure Boot:
https://www.uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf
https://www.trustedfirmware.org/about/
https://github.com/ARM-software/arm-trusted-firmware

NC-SI:
https://en.wikipedia.org/wiki/NC-SI
https://www.dmtf.org/sites/default/files/standards/documents/DSP0222_1.0.0.pdf
https://sthbrx.github.io/blog/2017/09/22/ncsi-nice-network-youve-got-there/

TPM:
https://en.wikipedia.org/wiki/Trusted_Platform_Module
https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=59565

PUF:
https://www.coursera.org/lecture/hardware-security/physical-unclonable-functions-puf-basics-Ab4sf
http://cryptowiki.net/index.php?title=Physically_unclonable_functions_(PUF)

HW Counterfeits:
https://www.electronicsweekly.com/news/business/fbi-arrests-counterfeit-chip-traffickers-2015-12/
https://www.netnames.com/insights/blog/2014/03/counterfeit-aircraft-parts-in-the-usa/
https://zeptobars.com/en/read/Nordic-NRF24L01P-SI24R1-real-fake-copy

PS: the article below appeared after our publication.
https://www.servethehome.com/investigating-implausible-bloomberg-supermicro-stories/
It's not even the first proper episode, but Chris and Joe talk about kernel security, UEFI Secure Boot, the latest Raspberry Pi news, Nexus devices being abandoned and MP3 becoming (sort of) free.

- GrSecurity Kernel Patches Will No Longer Be Free To The Public - Phoronix (http://www.phoronix.com/scan.php?page=news_item&px=GrSecurity-No-Longer-Free)
- Secure Boot booted from Debian 9 'Stretch' (https://www.theregister.co.uk/2017/05/01/debian_stretch_omits_secure_boot/)
- Devuan GNU/Linux 1.0 "Jessie" to Support Raspberry Pi 3, Acer Chromebook Devices (http://news.softpedia.com/news/devuan-gnu-linux-1-0-jessie-to-support-raspberry-pi-3-acer-chromebook-devices-515469.shtml)
- Get a free AIY Projects Voice Kit with The MagPi 57! - The MagPi Magazine (https://www.raspberrypi.org/magpi/google-aiy-voice-magpi-57/)
- What is this bullsh*t, Google? Nexus phones starved of security fixes after just three years - The Register (https://www.theregister.co.uk/2017/05/01/google_eol_for_nexus_phones/)
- Full MP3 Support Being Added To Fedora Linux - Phoronix (http://www.phoronix.com/scan.php?page=news_item&px=Full-MP3-Support-In-Fedora)
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Kallenberg/DEFCON-22-Corey-Kallenberg-Extreme-Privilage-Escalation.pdf
Additional materials available here: https://defcon.org/images/defcon-22/dc-22-presentations/Kallenberg/DEFCON-22-Corey-Kallenberg-Extreme-Privilage-Escalation-WP-UPDATED.pdf

Extreme Privilege Escalation On Windows 8/UEFI Systems
Corey Kallenberg, MITRE
Xeno Kovah, MITRE

It has come to light that state actors install implants in the BIOS. Let no one ever again question whether BIOS malware is practical or present in the wild. However, in practice attackers can install such implants without ever having physical access to the box. Exploits against the BIOS can allow an attacker to inject arbitrary code into the platform firmware. This talk will describe two such exploits we developed against the latest UEFI firmware.

The UEFI specification has more tightly coupled the bonds of the operating system and the platform firmware by providing the well-defined "runtime services" interface between the OS and the firmware. This interface is more expansive than the interface that existed in the days of conventional BIOS, which has inadvertently increased the attack surface against the platform firmware. Furthermore, Windows 8 has introduced APIs that allow accessing this UEFI interface from a userland process. Vulnerabilities in this interface can potentially allow a userland process to escalate its privileges from "ring 3" all the way up to that of the platform firmware, which includes permanently attaining control of the very powerful System Management Mode (SMM). This talk will disclose two vulnerabilities that were discovered in the Intel-provided UEFI reference implementation, and detail the unusual techniques needed to successfully exploit them.

Corey Kallenberg is a security researcher for The MITRE Corporation who has spent several years investigating operating system and firmware security on Intel computers. In 2012 he coauthored work presented at DEF CON and IEEE S&P on using timing-based attestation to detect Windows kernel hooks. In 2013 he helped discover critical problems with current implementations of the Trusted Computing Group's "Static Root of Trust for Measurement" and co-presented this work at NoSuchCon and Blackhat USA. Later, he discovered several vulnerabilities which allowed bypassing of "signed BIOS enforcement" on a number of systems, allowing an attacker to make malicious modifications to the platform firmware. These attacks were presented at EkoParty, HITB, and PacSec. Recently, Corey has presented attacks against the UEFI "Secure Boot" feature. Corey is currently continuing to research the security of UEFI and the Intel architecture. twitter: @coreykal

Xeno Kovah is a Lead InfoSec Engineer at The MITRE Corporation, a non-profit company that runs 6 federally funded research and development centers (FFRDCs) as well as manages CVE. He is the team lead for the BIOS Analysis for Detection of Advanced System Subversion project. On the predecessor project, Checkmate, he investigated kernel/userspace memory integrity verification & timing-based attestation. Both projects have a special emphasis on how to make it so that the measurement agent can't just be made to lie by an attacker. Xeno is also the founder and leading contributor to OpenSecurityTraining.info. twitter: @xenokovah

Special thanks to the contributing researchers for their help in co-authoring:

John Butterworth is a security researcher at The MITRE Corporation who currently specializes in Intel firmware security. In 2012 he co-authored the whitepaper "New Results for Timing-Based Attestation" which used timing-based attestation to detect Windows kernel hooks. This research was presented at DEF CON and the 2012 IEEE Symposium on Security and Policy. In 2013 he and his colleagues authored "BIOS Chronomancy: Fixing the Static Root of Trust for Measurement" which proposed using Timing-Based Attestation during the BIOS boot process to resolve critical problems which they had found with current implementations of the Trusted Computing Group's "Static Root of Trust for Measurement". He has presented this research at NoSuchCon, Black Hat USA, SecTor, SEC-T, Breakpoint, and Ruxcon. Following this he has created a tool called Copernicus designed to determine just how prevalent vulnerable BIOS is in industry. John is currently continuing to research the security of BIOS/UEFI and the Intel architecture.

Sam Cornwell is a Sr. InfoSec Engineer at The MITRE Corporation, a not-for-profit company that runs 6 federally funded research and development centers (FFRDCs) as well as manages CVE. Since 2011 he has been working on projects such as Checkmate (a kernel and userspace memory integrity verification & timing-based attestation tool), Copernicus (a BIOS extractor and configuration checker), and several other private security sensors designed to combat sophisticated threats. He has also researched and developed attacks against UEFI SecureBoot.