Every other day, hackers are out there committing a new attack, exploiting a vulnerability, or attempting to extort people with ransomware. MSI is the latest victim, with hackers disclosing material acquired from a last-month breach of MSI’s systems.
This has the potential to be a major situation. According to tweets from Binarly founder Alex Matrosov, at least some of the previously stolen 1.5TB of data has been vulnerable. Private keys, some of which seem to be Intel Boot Guard keys, are included in the data. The leak of such keys affects not only MSI computers but also those from other vendors like Lenovo and Supermicro. Supermicro reached out to PC Gamer stating that based on its current review, its products are not affected by this breach.
Boot Guard is a cryptographic system that prevents fraudulent UEFI firmware or modified BIOS from being executed on PCs. Bypassing these checks, an attacker could acquire complete access to a system, access secure data, or utilize it for any variety of illicit activities.
Given the potential of so-called secondary downloads, the use of UEFI keys is especially concerning. Using typical phishing or email delivery strategies, any malware produced as a result of a firmware update including these keys would appear genuine, and antivirus software would ignore it.
T
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: