#Bootloaders

Benjamin Carr, Ph.D. 👨🏻‍💻🧬 BenjaminHCCarr@hachyderm.io
2025-04-02

#Microsoft used its #AI-powered #SecurityCopilot to discover 20 previously unknown vulnerabilities in the #GRUB2, #UBoot, and #Barebox #opensource #bootloaders.
GRUB2 (GRand Unified Bootloader) is the default boot loader for most #Linux distributions, including Ubuntu, while U-Boot and Barebox are commonly used in embedded and #IoT devices.
bleepingcomputer.com/news/secu #ITSec

Rod2ik 🇪🇺 🇨🇵 🇪🇸 🇺🇦 🇨🇦 🇩🇰 🇬🇱 rod2ik
2025-04-02

The #IA #AI #Microsoft #Security #Copilot discovers 20 #failles in the #Linux #bootloaders

This is what you call a petty little war against one's competitors, using #IA ..

The #IA war has begun...

korben.info/ia-microsoft-decou

Rod2ik 🇪🇺 🇨🇵 🇪🇸 🇺🇦 🇨🇦 🇩🇰 🇬🇱 rod2ik.bsky.social@bsky.brid.gy
2025-04-02

The #IA #AI #Microsoft #Security #Copilot discovers 20 #failles in the #Linux #bootloaders. This is what you call a petty little war against one's competitors, using #IA .. The #IA war has begun... korben.info/ia-microsoft...


Opalsec :verified: Opalsec@infosec.exchange
2025-04-01

The North Koreans and Russians have been busy, Insiders abound, and attacker tradecraft continues to evolve!

Catch all this and more in our latest wrap-up of the day's news:

🗞️ opalsec.io/daily-news-update-m

There are a few noteworthy stories to get across - here's the TL;DR to get you up to speed:

🕵️ North Korean Infiltration: This is way bigger than many think. DPRK nationals are landing jobs inside global companies, gaining privileged access ("keys to the kingdom" level!). DTEX reports active investigations in 7% of their Fortune Global 2000 clients, and CrowdStrike notes nearly 40% of their NK-related IR cases involved insiders. They move fast post-hire, pivoting to supply chains and installing RATs disguised as onboarding. Watch out for highly anomalous login behaviour (like days-long sessions!). Rigorous remote hiring checks (camera on, resume checks, comms style) are crucial.

🎣 ClickFix Tactics by Lazarus: The infamous North Korean group is evolving its 'Contagious Interview' campaign (now dubbed 'ClickFake' by Sekoia). They're targeting crypto job seekers (shifting focus to non-tech roles too!) with fake website/document errors ('ClickFix'). These prompt users to run PowerShell/curl commands, dropping the 'GolangGhost' backdoor. Watch out for lures impersonating giants like Coinbase or Kraken. Sekoia has shared YARA rules – definitely worth checking out.

💻 WordPress MU-Plugin Abuse: Bad actors are getting stealthy by hiding malicious code in WordPress "Must-Use Plugins" (wp-content/mu-plugins/). These execute automatically on every page load without activation, making them hard to spot. Sucuri is seeing redirects to fake browser updates, webshell backdoors fetching code from GitHub, and JS hijackers replacing content or links. Keep those instances patched, clean up unused plugins/themes, and lock down admin accounts (MFA!).

Check out what else happened in the past 24 hours, and subscribe to get each edition straight to your inbox:
📨 opalsec.io/daily-news-update-m

#CyberSecurity #InfoSec #ThreatIntelligence #Hacking #DataBreach #Phishing #Malware #WordPress #NorthKorea #Russia #Ukraine #AI #SecurityCopilot #GRUB2 #Bootloaders #InsiderThreat #DataProtection #CyberAttack #infosecurity #cybersecuritynews #ClickFix

2025-01-19

For those of you who are also deep into Windows #reverseengineering, #bootloaders, and #WinDbg: My first blog post on researching the Windows driver load order and all its quirks is out, beginning with some WinDbg fundamentals: colinfinck.de/posts/nt-load-or

NerdNextDoor :Blobhaj: mrmasterkeyboard
2024-03-24

Figured something out myself today. How to “Direct Kernel Boot” and removing . Thought I’d make a guide and some scripts for helping out if others also want to try doing this.

Here is the GitHub gist I made about it if you wanna try it yourself!

gist.github.com/AFellowSpeedru

Michal Bryxí 🌱 MichalBryxi@veganism.social
2024-02-23

Asking because my only memory on this is that it breaks on #Ubuntu that happily fills up the place with #kernels and fails to write them, yet updates #grub to point to now non-existing image.

But I believe that there will be a real reason? Like #bootloaders not being able to use the modern filesystems or something?

2023-12-12

At least for my time spent on my day off, I got a nice lesson in #BTRFS and #bootloaders, as well as a refresher on partitioning schemes and the basics of setting up #Linux

Volkan Özçelik 🦄 volkan@hachyderm.io
2022-11-27

netbootxyz is a network-based bootable operating system installer based on iPXE.

github.com/netbootxyz/netboot.

Pretty useful if you have the weird job/hobby of installing multiple operating systems to “places” and you want an all-in-one bootloader to ease your pain.

#tools #installers #bootloaders #ipxe #pxe #linux

2022-07-13

Locked #bootloaders:

Hard disagree that a lock on one's computer is somehow "good for security" unless the user, not the vendor, owns key ... and lock.

Hard disagree that vendor lock-in is in any way "good for users".

Hard disagree that less freedom to move to free software is in any way "good for users".

Hard disagree that reliance on single points of trust (i.e. failure (of trust)) is in any way "good for users".

Erik Albers 3rik
2021-05-29

The world needs more of !

Read how unfortunately ruined their best idea in years while in fact "Samsung, like every manufacturer, should set their old phones free. Open up their . Let people use their cameras, sensors, antennas, and screens for all kinds of purposes, using whatever software people can dream up."

de.ifixit.com/News/50450/samsu

Creative Commons BY-NC-SA 3.0 iFixit
ersatzmaus ersatzmaus
2021-05-18

Writing a bootloader that sits between shim and grub (for reasons™) was “fun”.

You have to relocate the PE image of your next stage by hand, fake up your loaded-image struct contents, determine the entry point and jump to it.

You must also use the right calling convention (define GNU_EFI_USE_MS_ABI at compile time) and _not_ tag efi_main (or wherever you jump to the next entry point from) as EFI_API.

Don't ask how long it took me to figure out those last two.
