this post was submitted on 27 May 2025
39 points (100.0% liked)

Cybersecurity

[–] [email protected] 5 points 1 week ago (3 children)

What the "How do attackers get in?" part doesn't mention: what attackers actually need to get in.

For BootHole, for example (taken from here: https://access.redhat.com/security/vulnerabilities/grub2bootloader):

In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system, such as gaining physical access, obtaining the ability to alter a PXE-boot network, or having remote access to a networked system with root access.

[–] [email protected] 1 points 5 days ago (1 children)

Or just leak the signing keys like they did with MSI. That quote describes the theory, but there are tons of shit-for-brains humans that can screw it up. The UEFI attack surface is much bigger than it has any right to be.

[–] LOLseas 1 points 3 days ago* (last edited 3 days ago)

Oh man, I think you may have given me the clue I needed. I'm on my second MSI X570S Max Edge WiFi board this year because of what I believed was a UEFI/BIOS rootkit. Strange things keep surviving complete wipes/reinstalls of my OS. Secure Boot disabled/enabled, doesn't matter. Plagued (among other annoyances) with some 10-second sound clips that randomly play, a network usage monitor showing I'm downloading half a TB a day and uploading a quarter of that, etc. ClamAV found some Unix.Ransomware.eCh0raix process running (first install)...

Could you have solved my headache? Switch motherboard vendors altogether? Is my board affected? I built this thing less than a year ago, and money is tight. Need to stay on X570 chipset, too much invested in this AM4 build.
