Meet the first UEFI bootkit that bypasses Secure Boot in Windows 11

For the bootkit to work, attackers exploit an old vulnerability which, nevertheless, is still present on many computers.

A stealthy bootkit called BlackLotus is the first widely known malware able to bypass UEFI Secure Boot protection, making it a serious threat in cyberspace.

"This bootkit can run even on fully updated Windows 11 systems with UEFI Secure Boot enabled," ESET said in a report.

UEFI bootkits are deployed in the motherboard firmware and give full control over the operating system boot process, allowing attackers to disable OS-level security mechanisms and deploy arbitrary payloads with high privileges during system startup.

Details about BlackLotus first surfaced in October 2022, when Sergey Lozhkin, a Kaspersky Lab researcher, described it as "sophisticated criminal software."

In a nutshell, BlackLotus exploits CVE-2022-21894 (aka Baton Drop) to bypass UEFI Secure Boot protection and establish persistence on the victim's machine. Microsoft fixed this vulnerability back in January last year, but because not everyone keeps their software up to date, millions of computers are still vulnerable to BlackLotus.

According to ESET, successful exploitation of the vulnerability allows arbitrary code execution in the early stages of boot, letting an attacker perform malicious actions on a system with UEFI Secure Boot enabled without physical access to it.

"This is the first publicly known use of this vulnerability," said Martin Smolar, researcher at ESET.

The exact way the bootkit is delivered is not yet known, but installation starts with an installer component that writes files to the EFI system partition, disables HVCI and BitLocker, and then reboots the host. After the reboot, the bootkit itself is installed and is then executed automatically on every system start to deploy its kernel driver.

"Over the past few years, many critical vulnerabilities affecting the security of UEFI systems have been discovered. Unfortunately, due to the complexity of the entire UEFI ecosystem and problems with the update supply chain, many of these vulnerabilities remain relevant even long after the fix," concluded the ESET specialist.
    Author DeepWeb
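As a defender-side check for the three protections the article says the installer turns off (Secure Boot, HVCI, BitLocker) and for what currently sits on the EFI system partition, here is an added PowerShell audit script. It is not from the article or from ESET; it uses only built-in Windows cmdlets and the mountvol tool, and assumes an elevated session on a UEFI host, a BitLocker-capable Windows edition, and that drive letter T: is free. The article gives no file names or hashes for BlackLotus, so none are included: the script reports state and inventories the partition, and judging the listing is left to the analyst.

```powershell
# Added audit script (not from the article): reads the state of Secure Boot,
# HVCI and BitLocker, then lists and hashes every file on the EFI system
# partition together with its Authenticode signature status.
# Run from an elevated PowerShell session on a UEFI Windows host.
#Requires -RunAsAdministrator

$report = [ordered]@{}

# 1. Secure Boot state. Confirm-SecureBootUEFI throws on legacy-BIOS systems,
#    so the failure is recorded instead of aborting the audit.
try {
    $report['SecureBootEnabled'] = Confirm-SecureBootUEFI
} catch {
    $report['SecureBootEnabled'] = "unavailable: $($_.Exception.Message)"
}

# 2. Virtualization-based security and HVCI. In the Win32_DeviceGuard class,
#    VirtualizationBasedSecurityStatus 2 means VBS is running and a value of 2
#    in SecurityServicesRunning means HVCI (hypervisor-enforced code integrity)
#    is actually running, not merely configured.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard
$report['VBSRunning']  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
$report['HVCIRunning'] = ($dg.SecurityServicesRunning -contains 2)

# 3. BitLocker protection on the OS volume (ProtectionStatus On/Off).
$osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$report['BitLockerProtection']   = $osVol.ProtectionStatus
$report['BitLockerVolumeStatus'] = $osVol.VolumeStatus

[pscustomobject]$report | Format-List

# 4. Inventory of the EFI system partition (ESP). The article states the
#    installer writes its files here, so each file is listed with size,
#    modification time, SHA-256 and signature status. Drive letter T: is an
#    assumption; use any free letter. The partition is always dismounted again.
$esp = 'T:'
mountvol $esp /S | Out-Null
try {
    Get-ChildItem -Path "$esp\" -Recurse -File |
        ForEach-Object {
            # Get-AuthenticodeSignature works on .efi files because they are
            # PE images; non-PE files simply report NotSigned/UnknownError.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName.Substring($esp.Length)
                SizeBytes = $_.Length
                Modified  = $_.LastWriteTimeUtc
                SHA256    = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
                SigStatus = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
            }
        } | Sort-Object SigStatus, Path | Format-Table -AutoSize
} finally {
    mountvol $esp /D
}
```

Running this on a known-good build of the same image and diffing the two ESP listings (paths, hashes, signers) is the practical way to use it: a Secure Boot, HVCI or BitLocker value that has flipped to off, or an ESP entry that is new, unsigned or signed by an unexpected subject, is what warrants a closer look.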