Meet the first UEFI bootkit that bypasses Secure Boot in Windows 11

    To make the bootkit work, the attackers exploit an old vulnerability that nevertheless remains unpatched on many computers.

    A stealthy bootkit called BlackLotus is the first widely known malware able to bypass UEFI Secure Boot protection, which makes it a serious threat.

    "This bootkit can run even on fully updated Windows 11 systems with UEFI Secure Boot enabled," ESET said in a report.

    UEFI bootkits are deployed in the motherboard firmware and provide full control over the operating system boot process, allowing an attacker to disable OS-level security mechanisms and deploy arbitrary payloads with high privileges during system startup.

    Details about BlackLotus first surfaced in October 2022, when Sergey Lozhkin, a Kaspersky Lab researcher, described it as “sophisticated criminal software.”

    In a nutshell, BlackLotus exploits the CVE-2022-21894 (aka Baton Drop) vulnerability to bypass UEFI Secure Boot protection and establish persistence on the victim's machine. Microsoft fixed this vulnerability back in January last year, but because not everyone keeps their software up to date, millions of computers are still vulnerable to BlackLotus.

    According to ESET, successful exploitation of the vulnerability allows the execution of arbitrary code at the early stages of computer boot, allowing an attacker to perform malicious actions on a system with UEFI Secure Boot enabled without physical access to it.

    "This is the first publicly known use of this vulnerability," said Martin Smolar, researcher at ESET.

    The exact way the bootkit is deployed is not yet known, but it starts with an installer component that is responsible for writing files to the EFI system partition, disabling HVCI and BitLocker, and then rebooting the host. After the reboot, the bootkit itself is installed, and then it is automatically executed every time the system starts to deploy the kernel driver.

    "Over the past few years, many critical vulnerabilities affecting the security of UEFI systems have been discovered. Unfortunately, due to the complexity of the entire UEFI ecosystem and problems with the update supply chain, many of these vulnerabilities remain relevant even long after the fix," concluded the ESET specialist.
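    The installer stage described above touches three things a defender can audit: Secure Boot state, HVCI, and BitLocker, plus the files it drops on the EFI system partition. The following PowerShell posture check is an added example, not code from the article or from ESET; it assumes an elevated prompt on Windows 10/11 with the BitLocker module present, and the drive letter S: is an arbitrary choice for temporarily mounting the ESP.

```powershell
# Added example: baseline the protections BlackLotus is reported to disable and
# inventory the EFI system partition so unexpected boot files can be spotted.
# Assumptions: run as Administrator; S: is free; BitLocker module is installed.

function Get-BootIntegrityReport {
    $report = [ordered]@{}

    # 1. Secure Boot: on legacy BIOS the cmdlet throws, so record that instead of failing.
    try { $report.SecureBoot = Confirm-SecureBootUEFI }
    catch { $report.SecureBoot = 'unsupported (legacy BIOS or no UEFI variable access)' }

    # 2. HVCI: Win32_DeviceGuard lists running services; value 2 means HVCI is active.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    $report.HVCIRunning = [bool]($dg.SecurityServicesRunning -contains 2)

    # 3. BitLocker on the OS volume (the installer is reported to turn it off).
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $report.BitLockerProtection = [string]$os.ProtectionStatus   # 'On' or 'Off'

    # 4. ESP inventory with SHA-256 hashes; compare against a known-good snapshot
    #    of the same machine to catch files added under \EFI by a bootkit installer.
    mountvol S: /S | Out-Null
    try {
        $report.EspFiles = @(Get-ChildItem -Path 'S:\EFI' -Recurse -File | ForEach-Object {
            [pscustomobject]@{
                Path = $_.FullName
                Size = $_.Length
                Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        })
    } finally {
        mountvol S: /D | Out-Null   # always unmount, even if enumeration fails
    }

    return [pscustomobject]$report
}

$r = Get-BootIntegrityReport
$r | Select-Object SecureBoot, HVCIRunning, BitLockerProtection | Format-List
$r.EspFiles | Format-Table -AutoSize

# Any of SecureBoot -eq $false, HVCIRunning -eq $false, or BitLockerProtection -eq 'Off'
# on a host that had them enabled at baseline warrants an investigation of the ESP listing.
```

    Export the ESP listing from a clean build and diff later runs against it; a changed hash on an existing loader or a new file under \EFI is the signal to look for.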
    Author: DeepWeb