Eclypsium, Inc.’s Post

Your laptop probably has bitlocker? It will use a TPM chip, that has management by the UEFI (Modern day BIOS). Well, did you know malware could attack this and perhaps bypass your disk encryption? Not something you hear often in 2024! 😀 "To be clear, this vulnerability lies in the UEFI code handling TPM configuration—in other words, it doesn't matter if you have a security chip like a TPM if the underlying code is flawed." "Bootkits are malware that loads very early in the UEFI boot process, giving the malicious programs low-level access to the operation and making them very difficult to detect like we saw the BlackLotus, CosmicStrand, and MosaicAggressor UEFI malware." Now with all intelligence, we need to understand the relevance 😣 "... Lenovo ThinkPad X1 Carbon 7th Gen and X1 Yoga 4th Gen devices, but later confirmed with Phoenix that it affects the SecureCore firmware for Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake Intel CPUs as well." But is there a patch!? 🤕 "In April, Phoenix issued an advisory and Lenovo began releasing new firmware in May to resolve the vulnerabilities in over 150 different models. It is important to note that not all models have available firmware at this time, with many planned for later this year." How often do we patch our firmware!? For all CTI analysts... 1. check your asset lists 2. make a request to get these assets patched 3. start tracking this CVE-2024-0762 4. gain insight in to the CVE, at 7.5 CVSS 3.0, I'd want to know how easy this is to exploit, and how to detect it through EDR / XDR / NDR solutions. What else would you do? Do you consider this a threat? Full article here: https://lnkd.in/deYwB9mi

Major Security Flaw in AMD Chips: What You Need to Know A newly discovered vulnerability in AMD processors, called Sinkclose, poses a significant threat. This flaw, hidden for decades, allows malware to embed itself deep in a computer’s memory, making it nearly impossible to detect or remove without specialized hardware tools. Affected chips date back to 2006, putting hundreds of millions of PCs and servers at risk. 🔍 Key Takeaways: • Access Required: Exploiting Sinkclose demands kernel-level access, but once compromised, it offers attackers unrivaled control over the system. • Persistent Threat: Malware linked to this vulnerability can survive OS reinstalls, rendering traditional cleanup methods ineffective. • Wide Impact: Virtually all AMD chips since 2006 are affected, impacting PCs, servers, and embedded systems. This vulnerability underscores the ever-present challenges of securing hardware at the most fundamental levels. As AMD rushes to develop mitigations, organizations must remain vigilant, prioritizing firmware updates in addition to software updates. The most dangerous vulnerabilities are those hidden in plain sight, lingering for years, waiting to be exploited—reminding us that security is not just about protecting the known, but also anticipating the unknown. Read more at: https://lnkd.in/eCcgbTNz

A critical UEFI vulnerability, CVE-2024-8105, also known as PKfail, has been identified, posing a significant threat to millions of devices. With a CVSS score of 8.2, this flaw undermines UEFI's foundational security, including protections like Secure Boot. The vulnerability arises from the use of weak, hard-coded test keys in production firmware, making systems highly susceptible to malicious attacks.Stay vigilant and prioritize updates to protect your systems. https://lnkd.in/dYdqszhm #CyberSecurity #UEFI #Vulnerability #CVE20248105

Unpatched Server Flaw Exposed in Intel and Lenovo BMCs: Lighttpd Vulnerability Alert A security gap persists in the Lighttpd web server within Intel and Lenovo baseboard management controllers (BMCs), despite the issue being patched in 2018. The flaw was first corrected in Lighttpd version 1.4.51, but the omission of a CVE identifier and advisory meant it was not updated in AMI MegaRAC BMC firmware used in these companies' products. This oversight has left out-of-bounds read vulnerabilities in certain Intel and Lenovo BMC firmware, posing a risk of sensitive data exposure and enabling security mechanism bypasses, like address space layout randomization (ASLR). Both Intel and Lenovo have not addressed these flaws, citing the end-of-life status of the affected products, leading to permanent vulnerabilities. This incident underscores the challenges in managing firmware and software supply chains, particularly when they involve outdated third-party components. #cybersecurity #security #infosec #vulnerability #intel #lenovo #server

Security flaw in Lighttpd web server used in baseboard management controllers (BMCs) has remained unpatched by device vendors like Intel and Lenovo. Binarly's new findings reveal that the original shortcoming was discovered and patched by the Lighttpd maintainers in August 2018. However, the lack of a CVE identifier or an advisory resulted in it being overlooked by the developers of AMI MegaRAC BMC, ultimately ending up in products made by Intel and Lenovo. The flaw could be exploited to exfiltrate sensitive data, bypassing crucial security mechanisms like address space layout randomization (ASLR). Stay vigilant and ensure your systems are updated with Lighttpd version 1.4.51 to avoid potential data breaches. #cybersecurity #dataloss #Lighttpd #BMCs

In 2012, Secure Boot was introduced as a robust defense against BIOS #malware. However, recent revelations by security firm Binarly indicate that Secure Boot is compromised on over 200 device models from major manufacturers including Acer, Dell, Gigabyte, Intel, and Supermicro. The breach stems from a #cryptographic key leaked in 2022, allowing attackers to bypass Secure Boot and execute malware. Secure Boot relies on cryptographic keys to ensure that only trusted software runs during the boot process. However, the leak was caused by poor key management and the use of test keys labeled “DO NOT TRUST.” This issue could potentially affect over 300 additional device models. Devices with #compromised keys remain #vulnerable until manufacturers provide firmware updates. This widespread failure in cryptographic key management calls into question the overall reliability of Secure Boot. https://lnkd.in/gyjBV_uD

🚨 Breaking News in the Tech World! 🚨 🔒 ASUS, we've got some update drama on your routers! They've shipped out crucial software updates to fix a security bug that's got the cyber world buzzing. 💻 The flaw, tracked as CVE-2024-3080, hits hard with a CVSS score of 9.8 out of 10 - yikes! 😱 🤖 What's the scoop? Here's the lowdown in a nutshell: - ASUS routers faced an epic authentication bypass slip-up. Oopsie! - Hackers were salivating at the chance to sneak in uninvited. Not on our watch! 🛡️ 🔍 This news rings bells, right? Cybersecurity's always a hot topic. It's like a digital game of cops and robbers out there! 🕵️♂️💻 🔮 My prediction? With tech marching forward at warp speed, security slip-ups like this won't be a one-time gig. Tightening those digital Fort Knoxes will be the name of the game moving forward! 🔒💪 💡 Let's chat about this - how are you safeguarding your digital territory? Share your armory of cybersecurity tools and tricks with me in the comments! 🔒💬 Don't fall asleep at the wheel, techies! Stay sharp and stay secure! 🔐💻 #ainews #automatorsolutions #Cybersecurity #TechNews #RouterRumors #StaySecure #DigitalDefense 🚀 #CyberSecurityAINews ----- Original Publish Date: 2024-06-17 08:00

A severe vulnerability in AMD processor firmware, identified by IOActive, Inc. researchers, may give attackers deep control over computers, potentially leading to irreversible damage. The flaw affects nearly all AMD chips since 2006. #AMDFlaw #SinkcloseVulnerability #IOActive #CyberSecurity #ProcessorFirmware #TechSecurity #Defcon2024 #FirmwareFlaw #BootkitMalware #HardwareVulnerability #CyberThreat #AMDChips #SecurityAlert #HackerConference #TechNews #VulnerabilityDisclosure #CriticalFlaw #SystemManagementMode

Security researchers Enrique Nissim and Krzysztof Okupski from IOActive have uncovered a critical vulnerability in AMD processors, dubbed “Sinkclose,” that affects nearly all AMD chips since 2006. This flaw allows hackers to execute their code in the System Management Mode (SMM), a highly privileged area of the processor. The vulnerability can lead to the installation of stealthy malware, potentially undetectable and unremovable by conventional means, making it so severe that affected computers might need to be discarded. At the Defcon hacker conference, Nissim and Okupski explained that although exploiting this bug requires hackers to have deep access to a system, it grants them the ability to embed malicious code that can survive even a complete reinstallation of the operating system. This flaw is especially concerning for systems with misconfigured security settings, which the researchers found to be prevalent. The malware could persist undetected, posing a significant threat, especially from state-sponsored actors. AMD acknowledged the Sinkclose vulnerability and has released patches for certain products, like its EPYC datacenter processors. However, the company has not detailed its full mitigation plan, leaving many users in a precarious position. Despite AMD's assurance that exploiting the flaw requires extensive access, the researchers argue that hackers already possess the means to achieve such access, making this vulnerability a pressing concern. The researchers discovered this flaw after scrutinizing AMD’s architecture for two years, driven by the increasing market share of AMD chips. While they have withheld proof-of-concept code to give AMD more time to patch the flaw, they urge users to apply any available updates immediately. Given the potential for the Sinkclose vulnerability to compromise an entire system, it is crucial to address the issue without delay. *Source: Andy Greenberg, Wired* If you have enjoyed this article summary I invite you to please connect with me on Linkedin by sending me a connection request. John Keith King

More hardware gremlins found in AMD CPUs. https://lnkd.in/ejxcGJ2c I think my favorite line has to be: "Now security researchers have found one such flaw that has persisted in AMD processors for decades, and that would allow malware to burrow deep enough into a computer's memory that, in many cases, it may be easier to discard a machine than to disinfect it." I feel like this is a new low. This vulnerability is so bad that if you get infected–just toss your computer because there is simply no hope. #cybersecurity #news #technology #informationtechnology #it #amd