🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

Arstechnica

Arstechnica · 2m ago

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

Researchers discovered two Secure Boot exploits that bypass protections designed to ensure devices load only secure system images. Microsoft patched one but left the other as a threat. The first exploit, CVE-2025-3052, allows attackers to disable Secure Boot and install pre-OS malware. The second, CVE-2025-47827, leverages IGEL’s improper signature verification. Despite notifications, Microsoft hasn't indicated plans to revoke the offending signature. Secure Boot aims to protect against physical attacks, but these vulnerabilities underscore its limitations.

1

Related News

Critical vulnerability affecting most Linux distros allows for bootkits

Arstechnica

Arstechnica · 1y ago

Critical vulnerability affecting most Linux distros allows for bootkits

Linux developers are working to fix a high-severity vulnerability that can enable the installation of malware at the firmware level, making it difficult to detect or remove. The vulnerability is found in "shim," a component that runs during the boot process before the operating system starts. It plays a crucial role in secure boot, a protection feature in most devices to ensure every link in the boot process is verified. Successful exploitation of the vulnerability allows attackers to execute malicious firmware during the earliest stages of booting, undermining the secure boot mechanism. The vulnerability requires compromising the targeted device or the server/network the device boots from.

Critical vulnerability affecting most Linux distros allows for bootkits

Arstechnica

Arstechnica · 1y ago

Critical vulnerability affecting most Linux distros allows for bootkits

Linux developers are working on patching a high-severity vulnerability that enables the installation of firmware-level malware, granting deep-level access to an infected device. The vulnerability exists in shim, a component that runs in the firmware during the early boot process. Successful exploitation allows attackers to execute malicious firmware before the operating system starts, neutralizing the secure boot mechanism. The flaw, named CVE-2023-40547, is a buffer overflow that can be exploited through compromised devices or servers. Physical access to a device or administrative control could also be used to exploit the vulnerability.

Widely used DNA sequencer still doesn’t enforce Secure Boot

Arstechnica

Arstechnica · 7m ago

Widely used DNA sequencer still doesn’t enforce Secure Boot

The Illumina iSeq 100 DNA sequencer, widely used in gene-sequencing laboratories, does not enforce Secure Boot, posing security risks. Secure Boot is essential for blocking unauthorized firmware modifications and protecting against malware. A 2018 BIOS version without Read/Write protections makes it vulnerable to attacks. Experts warn that other medical devices might face similar issues due to reliance on older configurations. While Illumina downplays these risks, vulnerabilities could be exploited by threat actors.

Microsoft server hack has hit about 100 victims, researcher says - The Economic Times

Economic Times

Economic Times · 1m ago

Microsoft server hack has hit about 100 victims, researcher says - The Economic Times

A cyberespionage campaign has compromised roughly 100 organizations by exploiting Microsoft SharePoint server vulnerabilities, according to Eye Security. The operation utilizes a "zero day" exploit, allowing continuous unauthorized access. The hack targets various entities, including government agencies and businesses. Microsoft issued security updates, urging users to install them. The FBI and UK’s National Cyber Security Center are involved in investigating the attack, while experts recommend a comprehensive security approach beyond patching.

Ivanti Pulse Secure was using decade-old Linux and outdated libraries — no wonder it was such a popular target for hackers

Techradar

Techradar · 1y ago

Ivanti Pulse Secure was using decade-old Linux and outdated libraries — no wonder it was such a popular target for hackers

According to security analysts, Ivanti Pulse Secure was using an outdated version of Linux (CentOS 6.4) and vulnerable libraries, making it an attractive target for hackers. Eclypsium found 973 flaws, with 111 having publicly-known exploits. Additionally, researchers discovered thousands of vulnerabilities in shell scripts, Python files, and outdated certificates. The Integrity Checker Tool (ITC) was also found to have a logic issue, allowing hackers to evade detection. Thousands of Ivanti servers remain vulnerable to these flaws, which have been exploited in state-sponsored espionage campaigns.

Found on VirusTotal: The world’s first UEFI bootkit for Linux

Arstechnica

Arstechnica · 8m ago

Found on VirusTotal: The world’s first UEFI bootkit for Linux

Security firm ESET has discovered the first UEFI bootkit for Linux, raising concerns that Linux systems may also be targeted by UEFI bootkits. Called Bootkitty, the Linux bootkit is still in a rudimentary stage and has only been observed infecting Ubuntu distributions. ESET researchers suspect that this bootkit may be a proof-of-concept release since no actual infections have been found in the wild so far.

Google quietly corrects previously submitted disclosure for critical webp 0-day

Arstechnica

Arstechnica · 1y ago

Google quietly corrects previously submitted disclosure for critical webp 0-day

Google has resubmitted a disclosure of a critical code-execution vulnerability affecting not just the Chrome browser but also thousands of individual apps and software frameworks. The vulnerability is found in the libwebp code library, created by Google in 2010, which is used for rendering webp images. The vulnerability allows attackers to execute malicious code through a booby-trapped webp image. Google initially failed to note that other code using libwebp was also vulnerable, causing delays in patching the vulnerability. Microsoft Teams and Visual Studio Code remain unpatched.

Proactive measures against cyber vulnerabilities are vital: Here’s how companies can get started

Economic Times

Economic Times · 1y ago

Proactive measures against cyber vulnerabilities are vital: Here’s how companies can get started

The number and severity of vulnerabilities are increasing, and companies need to act swiftly to patch them. Studies show that a significant percentage of breaches involve the exploitation of vulnerabilities, resulting in financial losses and reputational damage. However, many organizations still rely on manual processes, leading to delays in patching. Autonomic vulnerability patching is a proactive approach that can help organizations improve their risk management, reduce costs, and enhance security. To implement autonomous patching, organizations should invest in cybersecurity software, create remediation strategies, automate patch deployments, monitor system stability, and collaborate between security and IT departments.

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

Arstechnica

Arstechnica · 1y ago

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

A newly discovered attack called LogoFAIL has revealed that hundreds of Windows and Linux computer models from various hardware manufacturers are vulnerable to malicious firmware infections. The attack is difficult to detect and remove, and can be executed remotely, bypassing multiple defense mechanisms. LogoFAIL exploits vulnerabilities in Unified Extensible Firmware Interfaces (UEFIs) responsible for booting devices, giving attackers control over the memory and disk of the target device early in the boot process. The attack has prompted companies to release advisories and security patches.

Thousands of Microsoft Exchange servers could be vulnerable to this dangerous security flaw

Techradar

Techradar · 1y ago

Thousands of Microsoft Exchange servers could be vulnerable to this dangerous security flaw

A serious vulnerability, CVE-2024-21410, has been identified in Microsoft Exchange servers that allows threat actors to perform NTLM relay attacks, leading to privilege escalation. The flaw was discovered earlier this year and patched in February. However, according to Shadowserver, around 100,000 servers are potentially vulnerable, with 28,500 confirmed to be vulnerable. While there is currently no publicly available exploit for the vulnerability, it is being actively exploited in the wild by hackers. Administrators are urged to apply the patch to secure their servers and prevent further attacks.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

June 2025

Helping your parents when you are miles away

The Pit Stop Your Cravings Deserve

The next generation E-commerce platform

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

Download the medial app to read full posts, comements and news.