Researchers on Wednesday announced a major #cybersecurity find—the world’s first-known instance of real-world #malware that can hijack a computer’s boot process even when #Secure #Boot and other advanced protections are enabled and running on fully updated versions of #Windows.
Dubbed #BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the #UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer.
As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right.
It’s located in an SPI-connected #flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch.
Previously discovered bootkits such as #CosmicStrand, #MosaicRegressor, and #MoonBounce work by targeting the UEFI firmware stored in the flash storage chip. Others, including BlackLotus, target the software stored in the EFI system partition.
While researchers have found Secure Boot vulnerabilities in the past, there has been no indication that threat actors have ever been able to bypass the protection in the 12 years it has been in existence.
Until now.

https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits.

Ars Technica

@cdarwin
Did you even bother reading the article?

Or are you just incapable of understanding it?

Researchers didn't announce a major find, they released an in-depth analysis of an exploit that has been known about for months, an exploit that is in fact detectable in a managed environment, and that can be removed.

The problem is that fixing this issue would break factory recovery images pre-installed on millions of PCs, and user backups - the cure would be worse than the disease.

@Sliotar

And your point is...

(aside from being rude)

@cdarwin

I thought my point was pretty obvious - you're hyping an article that you don't actually understand. Your opening line shows that much.

As far as being rude? Since when was it rude to call out disinformation?

You're the 5th or 6th person who has posted a link to that article, so you're in good company.

@Sliotar

The article is about finding the vulnerability actually being exploited.

The only disinformation is your pretense that you are not just ego-tripping.

@cdarwin

Cute, accusing me of ego-tripping, then blocking me to prevent me replying.

The article is about how the exploit works. It makes it very clear right at the beginning that the rootkit has been available for over 6 months, and that ESET first detected signs of it in October.

There's no ego-trip in being able to actually understand what I read. Posting a clumsy summary of an article that you don't really understand though? Ego-tripping would be one motivation, I suppose.