#bootkitty

jbz<p>🐧Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels | The Hacker News</p><p>"The bootkit's main goal is to disable the kernel's signature verification feature and to preload two as yet unknown ELF binaries via the Linux init process (which is the first process executed by the Linux kernel during system startup),"</p><p><a href="https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2024/11/rese</span><span class="invisible">archers-discover-bootkitty-first.html</span></a></p><p><a href="https://indieweb.social/tags/bootkitty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bootkitty</span></a> <a href="https://indieweb.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://indieweb.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://indieweb.social/tags/uefi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uefi</span></a></p>
Radio Azureus<p>UEFI malware targeting Linux computing systems article has been updated</p><p>BootKitty attacks can be circumvented / mitigated when you follow best practices </p><p><a href="https://mastodon.social/tags/BootKitty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BootKitty</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>programming</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/freeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freeBSD</span></a> <a href="https://mastodon.social/tags/netBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>netBSD</span></a> <a href="https://mastodon.social/tags/openBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openBSD</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.social/tags/POSIX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>POSIX</span></a></p><p><a href="https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">welivesecurity.com/en/eset-res</span><span class="invisible">earch/bootkitty-analyzing-first-uefi-bootkit-linux/</span></a></p>
Fossery Tech :debian: :gnome:<p>This week's Linux and FOSS news:</p><p>LINUX NEWS</p><p>elementary OS 8 released with new Wayland session (called Secure session) with prompts to give programs certain permissions, new Dock, Flathub out-of-the-box, new quick settings, system updates via system settings, option to conceal text on screenshots:<br><a href="https://news.itsfoss.com/elementary-os-8-release/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.itsfoss.com/elementary-os</span><span class="invisible">-8-release/</span></a><br>(The prompting for permission thing is pretty unique on Linux. I know some nerds will call it "phone approach" because mobile OSes do the same but I don't think it's necessarily bad. I'm personally satisfied with the regular approach to open Flatseal to control permissions after I download a program, but for many people the prompting approach is probably more efficient because they don't have to think about going to Flatseal first, yet they can still prevent some unnecessary access for programs.)</p><p>NixOS 24.11 released with GNOME 47, KDE Plasma 6.2, PipeWire by default, Nix 2.24 package manager, improved support for Darwin into Nixpkgs, support for LLVM 19 compiler etc.:<br><a href="https://9to5linux.com/nixos-24-11-released-with-gnome-47-and-kde-plasma-6-2-pipewire-by-default" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">9to5linux.com/nixos-24-11-rele</span><span class="invisible">ased-with-gnome-47-and-kde-plasma-6-2-pipewire-by-default</span></a></p><p>Armbian 24.11 released with support for OrangePi5 Max, Radxa ROCK 5B+ and many more devices:<br><a href="https://9to5linux.com/armbian-24-11-released-with-support-for-orangepi-5-max-and-radxa-rock-5b" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span 
class="ellipsis">9to5linux.com/armbian-24-11-re</span><span class="invisible">leased-with-support-for-orangepi-5-max-and-radxa-rock-5b</span></a></p><p>First UEFI bootkit for Linux, Bootkitty is discovered:<br><a href="https://news.itsfoss.com/bootkitty-linux/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.itsfoss.com/bootkitty-lin</span><span class="invisible">ux/</span></a><br>(Remember, no system is 100% secure, including Linux)<br>(It's currently a proof-of-concept but regardless it's better to be aware of it, update your system regularly, keep Secure Boot enabled if your distro supports it, to be protected against these types of attacks in the future.)</p><p>Cinnamon 6.4 released with new default theme, built-in Night Light feature, Power Profile options, updated applets etc.:<br><a href="https://9to5linux.com/cinnamon-6-4-desktop-environment-released-with-revamped-theme-night-light" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">9to5linux.com/cinnamon-6-4-des</span><span class="invisible">ktop-environment-released-with-revamped-theme-night-light</span></a></p><p>KDE Plasma 6.2.4 released with re-enabled HDR mode for NVIDIA 565 and Linux 6.11 users, various bug fixes, improvements:<br><a href="https://9to5linux.com/kde-plasma-6-2-4-re-enables-hdr-mode-for-users-on-nvidia-565-and-linux-6-11" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">9to5linux.com/kde-plasma-6-2-4</span><span class="invisible">-re-enables-hdr-mode-for-users-on-nvidia-565-and-linux-6-11</span></a></p><p>Ubuntu Touch OTA-7 released with PulseAudio security fixes:<br><a href="https://9to5linux.com/ubuntu-touch-ota-7-released-for-linux-phones-with-pulseaudio-security-fixes" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span 
class="invisible">https://</span><span class="ellipsis">9to5linux.com/ubuntu-touch-ota</span><span class="invisible">-7-released-for-linux-phones-with-pulseaudio-security-fixes</span></a></p><p>(FOSS news in reply)</p><p><a href="https://social.linux.pizza/tags/WeeklyNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeeklyNews</span></a> <a href="https://social.linux.pizza/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://social.linux.pizza/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://social.linux.pizza/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://social.linux.pizza/tags/elementaryOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>elementaryOS</span></a> <a href="https://social.linux.pizza/tags/NixOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NixOS</span></a> <a href="https://social.linux.pizza/tags/Armbian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Armbian</span></a> <a href="https://social.linux.pizza/tags/Bootkitty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bootkitty</span></a> <a href="https://social.linux.pizza/tags/Cinnamon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cinnamon</span></a> <a href="https://social.linux.pizza/tags/KDE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KDE</span></a> <a href="https://social.linux.pizza/tags/KDEPlasma" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KDEPlasma</span></a> <a href="https://social.linux.pizza/tags/UbuntuTouch" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>UbuntuTouch</span></a> <a href="https://social.linux.pizza/tags/LinuxDistro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LinuxDistro</span></a> <a href="https://social.linux.pizza/tags/FosseryTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FosseryTech</span></a></p>
PrivacyDigest<p>Code found online <a href="https://mas.to/tags/exploits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploits</span></a> <a href="https://mas.to/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LogoFAIL</span></a> to install <a href="https://mas.to/tags/Bootkitty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bootkitty</span></a> <a href="https://mas.to/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mas.to/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a> <br><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p><p><a href="https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/</span></a></p>
:rss: Hacker News<p>Researchers discover first UEFI bootkit malware for Linux<br><a href="https://www.bleepingcomputer.com/news/security/researchers-discover-bootkitty-first-uefi-bootkit-malware-for-linux/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/researchers-discover-bootkitty-first-uefi-bootkit-malware-for-linux/</span></a><br><a href="https://rss-mstdn.studiofreesia.com/tags/ycombinator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ycombinator</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/computers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>computers</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/mac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mac</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/support" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>support</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/tech_support" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech_support</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/spyware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spyware</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/virus" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>virus</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Bootkit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bootkit</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Bootkitty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bootkitty</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Kernel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kernel</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/virus_removal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>virus_removal</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/malware_removal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware_removal</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/computer_help" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>computer_help</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/technical_support" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technical_support</span></a></p>
Chuck Darwin<p>A rootkit is a piece of malware that runs in the deepest regions of the operating system it infects. <br>It leverages this strategic position to hide information about its presence from the operating system itself. <br>A bootkit, meanwhile, is malware that infects the boot-up process in much the same way. <br>Bootkits for the UEFI<br>—short for Unified Extensible Firmware Interface<br>—lurk in the chip-resident firmware that runs each time a machine boots. <br>These sorts of bootkits can persist indefinitely, providing a stealthy means for backdooring the operating system even before it has fully loaded and enabled security defenses such as antivirus software.<br>The newly discovered <a href="https://c.im/tags/Bootkitty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bootkitty</span></a> suggests threat actors may be actively developing a Linux version of the same sort of unkillable bootkit that previously was found only targeting Windows machines.<br>“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, <br>breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote. <br>“Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, <br>it emphasizes the necessity of being prepared for potential future threats.”</p><p><a href="https://arstechnica.com/security/2024/11/found-in-the-wild-the-worlds-first-unkillable-uefi-bootkit-for-linux/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">11/found-in-the-wild-the-worlds-first-unkillable-uefi-bootkit-for-linux/</span></a></p>