🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

Widely used DNA sequencer still doesn’t enforce Secure Boot

Arstechnica

Arstechnica · 6m ago

Widely used DNA sequencer still doesn’t enforce Secure Boot

The Illumina iSeq 100 DNA sequencer, widely used in gene-sequencing laboratories, does not enforce Secure Boot, posing security risks. Secure Boot is essential for blocking unauthorized firmware modifications and protecting against malware. A 2018 BIOS version without Read/Write protections makes it vulnerable to attacks. Experts warn that other medical devices might face similar issues due to reliance on older configurations. While Illumina downplays these risks, vulnerabilities could be exploited by threat actors.

Related News

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

Arstechnica

Arstechnica · 1m ago

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

Researchers discovered two Secure Boot exploits that bypass key protections, with Microsoft only addressing one. The unpatched vulnerability includes a tool used in DT Research devices that undermines Secure Boot, affecting systems with Microsoft’s UEFI certificate. Despite Microsoft’s patch for one exploit, the issue reveals the wide impact of such vulnerabilities. Another patchless vulnerability by IGEL allows malware installation, as Microsoft has yet to respond. Users' main defense remains securing devices physically.

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

Arstechnica

Arstechnica · 1m ago

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

Researchers discovered two Secure Boot exploits that bypass protections designed to ensure devices load only secure system images. Microsoft patched one but left the other as a threat. The first exploit, CVE-2025-3052, allows attackers to disable Secure Boot and install pre-OS malware. The second, CVE-2025-47827, leverages IGEL’s improper signature verification. Despite notifications, Microsoft hasn't indicated plans to revoke the offending signature. Secure Boot aims to protect against physical attacks, but these vulnerabilities underscore its limitations.

Critical vulnerability affecting most Linux distros allows for bootkits

Arstechnica

Arstechnica · 1y ago

Critical vulnerability affecting most Linux distros allows for bootkits

Linux developers are working to fix a high-severity vulnerability that can enable the installation of malware at the firmware level, making it difficult to detect or remove. The vulnerability is found in "shim," a component that runs during the boot process before the operating system starts. It plays a crucial role in secure boot, a protection feature in most devices to ensure every link in the boot process is verified. Successful exploitation of the vulnerability allows attackers to execute malicious firmware during the earliest stages of booting, undermining the secure boot mechanism. The vulnerability requires compromising the targeted device or the server/network the device boots from.

Critical vulnerability affecting most Linux distros allows for bootkits

Arstechnica

Arstechnica · 1y ago

Critical vulnerability affecting most Linux distros allows for bootkits

Linux developers are working on patching a high-severity vulnerability that enables the installation of firmware-level malware, granting deep-level access to an infected device. The vulnerability exists in shim, a component that runs in the firmware during the early boot process. Successful exploitation allows attackers to execute malicious firmware before the operating system starts, neutralizing the secure boot mechanism. The flaw, named CVE-2023-40547, is a buffer overflow that can be exploited through compromised devices or servers. Physical access to a device or administrative control could also be used to exploit the vulnerability.

Backdoored firmware lets China state hackers control routers with “magic packets”

Arstechnica

Arstechnica · 1y ago

Backdoored firmware lets China state hackers control routers with “magic packets”

Chinese government-backed hackers are infiltrating the networks of multinational companies in the US and Japan by planting malware into routers, according to government advisories. The hacking group, known as BlackTech, has been operating since at least 2010 and has a history of targeting public organizations and private companies. These hackers gain control of network devices used by subsidiaries, install malicious firmware, and use the compromised routers to infiltrate the networks of trusted companies. Cisco routers are predominantly affected, but newer models equipped with secure boot capabilities are less vulnerable. Traditional detection techniques may not be effective against this malware.

Baidu says AI chatbot 'Ernie Bot' has amassed 200 million users

Economic Times

Economic Times · 1y ago

Baidu says AI chatbot 'Ernie Bot' has amassed 200 million users

Chinese internet company Baidu announced that its artificial intelligence chatbot "Ernie Bot" has gained over 200 million users and is being used 200 million times daily. The chatbot, launched eight months ago, has attracted a large user base and is a popular choice for individuals and enterprise clients in China. Despite competition from other domestic AI services like Alibaba-backed Kimi, the Baidu chatbot remains the most widely used in China. However, globally, Baidu's AI service still lags behind OpenAI's ChatGPT, which remains the most popular generative AI service.

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Arstechnica

Arstechnica · 1y ago

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Multiple zero-day vulnerabilities have been identified in Ivanti Connect Secure, a widely used virtual private network (VPN) appliance, allowing threat actors to bypass two-factor authentication and execute malicious code within targeted networks. Tracked as CVE-2023-846805 and CVE-2024-21887, these vulnerabilities have been actively exploited by unidentified threat actors. The compromised appliance was used to steal configuration data, modify files, download remote files, and gain unauthorized access to internal systems. Researchers suspect that a Chinese nation-state-level threat actor is behind the attacks. Mitigation measures are advised, as there is potential for widespread exploitation if the vulnerabilities are not addressed promptly.

NSA says it's tracking Ivanti cyberattacks as hackers hit US defense sector

TechCrunch · 1y ago

NSA says it's tracking Ivanti cyberattacks as hackers hit US defense sector

The U.S. National Security Agency (NSA) has confirmed that hackers targeting vulnerabilities in Ivanti's VPN software have attacked organizations in the U.S. defense sector. The China-backed hacking group UNC5325 has launched massive attempts to exploit vulnerabilities in Ivanti Connect Secure, a widely used enterprise VPN appliance. The hackers demonstrate extensive knowledge of the software and have deployed malware to maintain persistence even after system updates and patches. The NSA is collaborating with other agencies to detect and mitigate the attacks. It is currently unclear how many Ivanti customers have been affected.

Britain to join EU semiconductor research programme

Reuters · 1y ago

Britain to join EU semiconductor research programme

The UK government has pledged £35 million to join the European Union's initiative to develop and manufacture advanced semiconductors in Europe. This move comes as both the UK and EU aim to secure their domestic semiconductor supply chains after realizing their dependence on global chipmakers and technologies owned by Chinese and US companies. By joining the European chips initiative, UK semiconductor companies can now compete for grants from the larger European fund. Semiconductors are widely used in everyday devices, driving a global race to attract manufacturers and develop new technologies.

Japan finally gives up on 1.44MB floppy disk drives, 50 years after they went on sale — but there's no sign of Microsoft removing the iconic 'Save' floppy icon from Office just yet

Techradar

Techradar · 1y ago

Japan finally gives up on 1.44MB floppy disk drives, 50 years after they went on sale — but there's no sign of Microsoft removing the iconic 'Save' floppy icon from Office just yet

Japan's Ministry of Economy, Trade and Industry (METI) is finally abandoning the use of floppy disks for official governmental application procedures. METI has issued an ordinance to update and modernize regulations that currently require businesses to submit supplementary data in the form of floppies or CD-Roms. The move is part of a broader effort to review analog regulations and foster a digital society. The Japanese government has been slow to take action, with outdated technologies like fax machines still widely used in the country.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

June 2025

Helping your parents when you are miles away

The Pit Stop Your Cravings Deserve

The next generation E-commerce platform

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

Download the medial app to read full posts, comements and news.