AAKL, to Cybersecurity
@AAKL@noc.social avatar
gcluley, to Cybersecurity
@gcluley@mastodon.green avatar

BlackLotus bootkit patch may bring "false sense of security", warns NSA

Read more in my article on the Tripwire blog:

https://www.tripwire.com/state-of-security/blacklotus-bootkit-patch-may-bring-false-sense-security-warns-nsa

Black Lotus boot wim patch issues for MCM/MECM/SCCM

If you’re running into issues where the “Pre-provision bitlocker” step is failing (win32_tpm wmi provider load errors) after trying to apply the 2023-05 May patches to your boot image in MCM for the black lotus vulnerability: don’t try to redo with any boot wim that has already been touched by configmgr- do your patches...

tsupasat, to random

Tomorrow, I start as Director of Product Marketing at Eclypsium, Inc. I am excited to work alongside an extremely smart and thoughtful team.

Increasingly, attackers are targeting firmware to evade OS-level protections and maintain persistence. It's an "out of sight, out of mind" attack vector, but extremely critical. Watch this space because it could get real messy, real fast. Think of what an APT can do with with root access to enterprise network appliances, or what malware syndicates could do with an easy-to-use boot kit.

What controls do you currently have in place to assess and mitigate the risk of firmware attacks, especially those delivered through your supply chain? Eclypsium makes this easy for IT and security teams. Delivered as SaaS, the platform helps you to establish trust in your software, firmware, and hardware supply chain. Eclypsium has the largest library of firmware profiles and can verify the observed firmware matches the firmware profile that should be on the device, as well as report on firmware configurations.

This blog post from @paulasadoorian chronicles recent real-world firmware attacks and explains why attackers focus on firmware: https://eclypsium.com/blog/endpoint-firmware-attack-timeline-introduction/

itnewsbot, to random
@itnewsbot@schleuss.online avatar

This Week in Security: .zip Domains, Zip scanning - The world may not be ready, but the .zip Top Level Domain (TLD) is here. It’s a pa... - https://hackaday.com/2023/05/19/this-week-in-security-zip-domains-zip-scanning/

Foxboron, to random
@Foxboron@chaos.social avatar
  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • kavyap
  • thenastyranch
  • mdbf
  • DreamBathrooms
  • InstantRegret
  • magazineikmin
  • Youngstown
  • cisconetworking
  • slotface
  • vwfavf
  • everett
  • Durango
  • rosin
  • tester
  • GTA5RPClips
  • khanakhh
  • osvaldo12
  • ngwrru68w68
  • normalnudes
  • anitta
  • ethstaker
  • cubers
  • modclub
  • tacticalgear
  • provamag3
  • Leos
  • JUstTest
  • All magazines