this post was submitted on 27 May 2025
39 points (100.0% liked)

Cybersecurity

[–] Kolanaki@pawb.social 10 points 2 weeks ago (1 children)

Well... As long as I don't reboot my computer, I'm safe. 😤

[–] floofloof@lemmy.ca 8 points 2 weeks ago (1 children)

Even safer if you never boot it in the first place.

rollsafe.jpg

[–] Psythik@lemm.ee 5 points 2 weeks ago

Shit like this is why I'm glad that AMD stays on top of BIOS updates. Built my first AMD machine in 2022 and it's blowing my mind that my motherboard is still being supported 3 years later. (I wanted to switch sooner, but my timing between builds was always bad. Missed out on Kuma, missed out on the Athlon era when they were embarrassing the Pentium 4.) When I was with Intel, I'd be lucky to get one BIOS update, if even that.

Can't wait for the end of the AM5 platform in a few years, when I'll be able to upgrade my 7700X to the latest X3D chip, and practically have a brand new PC all over again.

[–] Speiser0@feddit.org 5 points 2 weeks ago (2 children)

What the "How do attackers get in?" part doesn't mention: What attackers actually need to get in.

For Boot Hole for example (taken from here: https://access.redhat.com/security/vulnerabilities/grub2bootloader):

In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access.

[–] mutual_ayed@sh.itjust.works 2 points 2 weeks ago

Any environment that uses iPXE or MAAS is susceptible to these attacks.

[–] tias@discuss.tchncs.de 1 points 2 weeks ago (1 children)

Or just leak the signing keys like they did with MSI. That quote describes the theory, but there are tons of shit-for-brains humans that can screw it up. The UEFI attack surface is much bigger than it has any right to be.

[–] LOLseas@sh.itjust.works 1 points 2 weeks ago* (last edited 2 weeks ago)

Oh man, I think you may have given me the clue I needed. On my second MSI X570s Max Edge WiFi board this year, because of what I believed was a UEFI/BIOS rootkit. Strange things keep surviving complete wipes/reinstalls of my OS. Secure Boot disabled/enabled, doesn't matter. Plagued (among other annoyances) with some 10s sound clips that randomly play, network usage monitor showing I'm downloading half a TB a day, uploading a 1/4th of that, etc. ClamAV finding some Unix.Ransomware.eCh0raix process running (first install)...

Could you have solved my headache? Switch motherboard vendors altogether? Is my board affected? I built this thing less than a year ago, and money is tight. Need to stay on X570 chipset, too much invested in this AM4 build.