(C) Daily Kos This story was originally published by Daily Kos and is unaltered. . . . . . . . . . . Widespread computer security vulnerability reported [1] ['This Content Is Not Subject To Review Daily Kos Staff Prior To Publication.'] Date: 2023-12-07 Computer security researchers from Binarly have identified a widespread set of vulnerabilities that affect most Windows and Linux computers due to bugs in the boot-loader that starts the computer (before the operating system starts). Dell computers are likely not affected. The attack—dubbed LogoFAIL by the researchers who devised it—is notable for the relative ease in carrying it out, the breadth of both consumer- and enterprise-grade models that are susceptible, and the high level of control it gains over them. In many cases, LogoFAIL can be remotely executed in post-exploit situations using techniques that can’t be spotted by traditional endpoint security products. And because exploits run during the earliest stages of the boot process, they are able to bypass a host of defenses, including the industry-wide Secure Boot, Intel’s Secure Boot, and similar protections from other companies that are devised to prevent so-called bootkit infections. ... The affected parties are releasing advisories that disclose which of their products are vulnerable and where to obtain security patches. Links to advisories and a list of vulnerability designations appears at the end of this article. See the linked article for more details and context, including a video demonstration of one exploit. It’s a comprehensive article, with sections describing the implications of the exploits, how they work, how they were discovered, as well as a history of firmware exploits. Some parts of the article are pretty technical. To continue following this issue, see the author’s thread on Mastodon (@dangoodin@infosec.exchange) [END] --- [1] Url: https://www.dailykos.com/stories/2023/12/7/2210120/-Widespread-computer-security-vulnerability-reported?pm_campaign=front_page&pm_source=trending&pm_medium=web Published and (C) by Daily Kos Content appears here under this condition or license: Site content may be used for any purpose without permission unless otherwise specified. via Magical.Fish Gopher News Feeds: gopher://magical.fish/1/feeds/news/dailykos/