#DockerHub: Dangerous #Backdoor discovered in older #Linux images
Just a few days before I'll be talking about patterns in DRAM init at #GPN23, #Binarly are posting on their type inference tooling:
https://www.binarly.io/blog/type-inference-for-decompiled-code-from-hidden-semantics-to-structured-insights
Will definitely mention this. :)
🎤 Excited to announce @zaolin's demo at Dasharo vPub: "@binarly_io Risk Hunt: Finding Firmware Vulnerabilities in the Wild!"
Philipp will showcase the latest updates to Binarly's Risk Hunt platform and demonstrate its capabilities for analyzing and identifying vulnerabilities in various firmware images.
🗓️ Sep 12, 19:00 UTC
📄 More info: https://buff.ly/4dPT6af
🎟️ Sign up: https://buff.ly/47dBUJk
#Dasharo #FirmwareSecurity #Binarly #RiskHunt #CyberSecurity #Firmware
A significant security issue involving the Lighttpd web server was uncovered, affecting baseboard management controllers (BMCs) used in Intel and Lenovo devices. This vulnerability, a heap out-of-bounds read (CWE-125), was discovered in the Lighttpd module used in Intel Server System devices and Lenovo BMC firmware. The vulnerability was first discovered and fixed in August 2018, but due to the lack of a Common Vulnerabilities and Exposures (CVE) identifier and an advisory, it was overlooked by developers, including those of AMI MegaRAC BMC. This oversight resulted in the vulnerability persisting in products made by Intel and Lenovo.
The vulnerability allows an attacker to exfiltrate sensitive data, such as process memory addresses, which can then be used to bypass security mechanisms like Address Space Layout Randomization (ASLR).
The Binarly research team played a crucial role in identifying and documenting this vulnerability, assigning identifiers to the affected Intel and Lenovo BMC firmware and to vulnerable Lighttpd builds in general.
https://www.binarly.io/blog/lighttpd-gains-new-life
#cybersecurity #lighttpd #webserver #vulnerability #bmc #aslr #intel #lenovo #securitypatch #firmware #binarly
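The bug class the post above describes, a heap out-of-bounds read that hands an attacker a process address and therefore defeats ASLR, as an added illustration in C. This is constructed model code, not lighttpd's source and not Binarly's analysis: the struct layout, the function names and the sample header value are all hypothetical. The neighbour of the over-read buffer is placed inside the same struct so the demo is deterministic; in the real bug class it is whatever the allocator put next on the heap.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model (not lighttpd code): a heap object holding a
 * client-controlled header value followed by a function pointer.
 * Leaking the pointer reveals the executable's load address, which
 * is exactly what ASLR is supposed to hide. */
#define VALUE_CAP 16

struct request {
    char value[VALUE_CAP];      /* copied from the request, NUL-terminated */
    void (*handler)(void);      /* code pointer sitting right after the buffer */
};

static void example_handler(void) { }

/* Bounded string length without relying on strnlen (POSIX-only). */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n < cap && s[n] != '\0')
        n++;
    return n;
}

/* Vulnerable: trusts a length the client controls, so the copy runs
 * past `value` into `handler` and echoes the pointer back. */
size_t echo_value_vuln(const struct request *r, size_t claimed_len, unsigned char *out)
{
    const unsigned char *base = (const unsigned char *)r;  /* value[] starts at offset 0 */
    memcpy(out, base, claimed_len);
    return claimed_len;
}

/* Hardened: never copy more than the bytes that belong to `value`. */
size_t echo_value_safe(const struct request *r, size_t claimed_len, unsigned char *out)
{
    size_t have = bounded_len(r->value, VALUE_CAP);
    if (claimed_len > have)
        claimed_len = have;
    memcpy(out, r->value, claimed_len);
    return claimed_len;
}

/* Did the echoed bytes include the handler's address? */
static int contains_handler(const unsigned char *out, size_t n, const struct request *r)
{
    void (*p)(void);
    if (n < offsetof(struct request, handler) + sizeof p)
        return 0;
    memcpy(&p, out + offsetof(struct request, handler), sizeof p);
    return p == r->handler;
}

/* Runs one echo routine against a constructed request; returns 1 on leak. */
static int run(size_t (*echo)(const struct request *, size_t, unsigned char *))
{
    struct request *r = calloc(1, sizeof *r);
    unsigned char out[sizeof(struct request)];
    int leaked;
    size_t n;

    strcpy(r->value, "Thu, 01 Jan");          /* constructed header value */
    r->handler = example_handler;
    /* The attacker claims the value spans the whole object. */
    n = echo(r, sizeof(struct request), out);
    leaked = contains_handler(out, n, r);
    free(r);
    return leaked;
}

int vuln_leaks_pointer(void) { return run(echo_value_vuln); }
int safe_leaks_pointer(void) { return run(echo_value_safe); }

int main(void)
{
    printf("vulnerable echo leaks handler address: %s\n", vuln_leaks_pointer() ? "yes" : "no");
    printf("hardened echo leaks handler address:   %s\n", safe_leaks_pointer() ? "yes" : "no");
    return 0;
}
```

The point to take from the model is that an out-of-bounds read needs no memory corruption to be dangerous: the leaked code pointer alone lets an attacker compute the image base and build a reliable follow-on exploit, which is why a fix without a CVE, as happened here, leaves downstream firmware exposed.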
"🚨 UEFI Under Threat: The LogoFAIL Vulnerability 🚨"
A recent security report has brought attention to LogoFAIL, a collection of vulnerabilities that pose a substantial risk to devices utilizing UEFI firmware. These vulnerabilities enable attackers to install UEFI bootkits by leveraging weaknesses in the image-parsing components utilized by various vendors in their firmware. LogoFAIL's impact is widespread, affecting a broad range of devices across x86 and ARM architectures, including products from prominent manufacturers such as Intel, Acer, and Lenovo.
Researchers at Binarly have uncovered that malicious payloads can be executed by injecting image files into the EFI System Partition (ESP), effectively evading security features like Secure Boot. This method of attack ensures the persistence of malware on the system, rendering it virtually undetectable. LogoFAIL's full scope of impact is still being assessed, but it is already evident that it poses a significant threat to both consumer and enterprise-grade devices, as it bypasses security mechanisms designed to protect UEFI systems.
Source: BlackHat talk and Bill Toulas, BleepingComputer
MITRE ATT&CK Reference for UEFI Vulnerabilities: T1588.006
Tags: #CyberSecurity #UEFI #Vulnerability #LogoFAIL #Bootkit #SecureBoot #FirmwareSecurity #Binarly #DeviceSecurity 🚨💻🔒