Why do I keep seeing cars with "Ki" in Cyrillic letters?
Ки
BSD, UNIX, Linux Security Advisory
Lenovo has released the patch for the LogoFAIL UEFI vulnerability for all products now.
I've now tested the upgrade already running DragonflyBSD and Alpine Linux on Thinkpads.
* The upgrade worked well with no issues.
* No warnings or performance impact was recorded.
* dmidecode and CHIPSEC verify the vulnerability removal and report 3.14 3/22.
Please update your BIOS as soon as you can no matter the OS or device.
My Dragonfly BSD repo is based on a Thinkpad, so here is Thinkpad T495.
Newly discovered LogoFAIL leaves hundreds of Linux and Windows systems vulnerable https://www.linux-magazine.com/Online/News/Hundreds-of-Consumer-and-Enterprise-Devices-Vulnerable-to-LogoFAIL #LogoFAIL #Linux #Windows #malware #vulnerability #security #firmware
The #LogoFail attack is absolutely brilliant. Since many computers display a logo at boot, and that logo is not hard-coded but loaded from a file, the file parser is critical (cf. the recent WebP flaw). Yet plenty of BIOSes have a buggy parser, which runs before the operating system, so with completely free rein, and which can be fooled by a malicious image.
https://www.blackhat.com/eu-23/briefings/schedule/index.html#logofail-security-implications-of-image-parsing-during-system-boot-35042
Latest issue of my curated #cybersecurity and #infosec list of resources for week #49/2023 is out! It includes the following and much more:
➝ #23andMe updates user agreement to prevent #databreach lawsuits
➝ Hackers Exploited #ColdFusion Vulnerability to Breach Federal Agency Servers
➝ #Navy contractor Austal USA confirms #cyberattack after #dataleak
➝ #Nissan is investigating cyberattack and potential data breach
➝ Sellafield nuclear site hacked by groups linked to #Russia and #China
➝ #Roblox, #Twitch allegedly targeted by #ransomware cartel
➝ N. Korean #Kimsuky Targeting South Korean Research Institutes with #Backdoor Attacks
➝ ITG05 operations leverage #Israel-#Hamas conflict lures to deliver Headlace #malware
➝ Russian military hackers target #NATO fast reaction corps
➝ Cyberattack on Irish Utility Cuts Off Water Supply for Two Days
➝ Russia hacking: '#FSB in years-long cyber attacks on UK', says government
➝ Russia's AI-Powered Disinformation Operation Targeting #Ukraine, U.S., and #Germany
➝ #Microsoft Warns of Kremlin-Backed #APT28 Exploiting Critical #Outlook Vulnerability
➝ Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports
➝ Governments spying on #Apple, #Google users through push notifications - US senator
➝ Due to AI, “We are about to enter the era of mass spying,” says Bruce Schneier
➝ Ukraine appoints new cyber chief following ouster of top officials
➝ Norwegian Labor and Welfare Administration fined for data protection failures
➝ French government recommends against using foreign chat apps
➝ "Sierra:21" vulnerabilities impact #criticalinfrastructure routers
➝ New Stealthy 'Krasue' #Linux Trojan Targeting #Telecom Firms in Thailand
➝ SpyLoan #Android malware on Google Play downloaded 12 million times
➝ #LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks
➝ Just about every #Windows and #Linux device vulnerable to new LogoFAIL firmware attack
➝ #Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger
➝ Addressing post-quantum #cryptography with #CodeQL
➝ #Gmail’s AI-powered #spam detection is its biggest security upgrade in years
➝ Your mobile password manager might be exposing your credentials
➝ #Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
This week's recommended reading is: "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws" by Dafydd Stuttard
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-492023
Slide from #LogoFAIL presentation by Binarly
Multibillion dollar UEFI vendors roll their own image parsers in firmware used by billions of devices worldwide...do they fuzz them? nahh, can't do that, that gives you dandruff
Where is your SBOM God now?
https://i.blackhat.com/EU-23/Presentations/EU-23-Pagani-LogoFAIL-Security-Implications-of-Image_REV2.pdf
Just about every #Windows and #Linux device #vulnerable to new #LogoFAIL #firmware attack using malicious logo images.
LogoFAIL can be remotely executed in post-#exploit situations using techniques that can’t be spotted by traditional endpoint security. And because exploits run during the earliest stages of the boot process, they bypass defenses, like #UEFI #SecureBoot, and similar protections from other companies that are devised to prevent so-called #bootkit infections
https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/
UEFI vulnerability: LogoFAIL puts many computers at risk
https://linuxnews.de/uefi-schwachstelle-logofail-tauscht-logos-aus/ #logofail #UEFI
@system76 @soller @carlrichell
Bumping because I'm super curious if my Oryx Pro would be a viable target for #logofail. If not, wooha, everyone buy System76 open firmware 'puters.
What an article.
"...results from our fuzzing campaign unequivocally say that none of these image parsers were ever tested by IBVs or OEMs."
And what a cowboy industry!
Looking at the LogoFAIL white paper and I'm not connecting the "just about every device vulnerable" part of the headlines.
IIUC, vulnerable UEFI firmware has to support loading a custom logo from the EFI system partition. I can't find much vendor support for this?
The only documented method I've found is from HP: https://support.hp.com/au-en/document/c01646879
Do more vendors support this but don't document it?
Other "custom BIOS logo" tutorials I've found involve repacking a firmware image, in which case surely the logo is in the BGRT inside the firmware payload which is verified by Intel Boot Guard / Secure Boot before it's loaded. Isn't it?
Almost every #Windows and #Linux device is vulnerable to new #LogoFAIL #firmware attack https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/ Limiting physical access and keeping browsers updated are essential. Some vendors will also offer patches. #BIOS #UEFI #security
Major heads up folks, every #Windows and #Linux device is affected by this. https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/