Security Newsletter
1 October 2018
New UEFI LoJax Malware Can Survive After OS Re-installation and Hard Disk Replacement
Security researchers from ESET found the first-ever UEFI rootkit used in the wild, deployed by the APT28 group. UEFI rootkits are hard to detect and extremely dangerous: they persist even after an operating system reinstallation and even a hard disk replacement. The Unified Extensible Firmware Interface (UEFI) is a replacement for BIOS that connects a computer's firmware to its operating system.
To reach the UEFI/BIOS settings, all of the tools use the kernel driver of the RWEverything tool, which allows modification of the settings in the firmware of almost any hardware. The driver is signed with a valid certificate. If write operations are denied, the malicious tool exploits a four-year-old race condition vulnerability in UEFI (CVE-2014-8273) to bypass the defenses. The purpose of the rootkit is just to drop malware into the Windows operating system and make sure that it executes at startup.
By enabling Secure Boot you can avoid such an infection. Make sure that you are using the latest UEFI/BIOS available for your motherboard. If your system is infected, reflashing the UEFI/BIOS or replacing the motherboard is the only solution.
Read More on GBHacker
Even More on BleepingComputer
Research Whitepaper from ESET
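To check the two mitigations above on a Windows host, the following added example (not from ESET or the newsletter authors) reports the Secure Boot state and the installed firmware version and release date. The function name Get-FirmwarePosture and the 365-day review threshold are assumptions made for illustration.

```powershell
# Added example: report Secure Boot state and firmware version/age on a Windows host.
# Run from an elevated PowerShell session.
# Get-FirmwarePosture and MaxFirmwareAgeDays are hypothetical names chosen for this example.
function Get-FirmwarePosture {
    [CmdletBinding()]
    param(
        # Assumed review threshold; age alone does not prove the firmware is the latest release.
        [int]$MaxFirmwareAgeDays = 365
    )

    # Confirm-SecureBootUEFI returns $true/$false on UEFI systems, throws
    # PlatformNotSupportedException on legacy BIOS boot, and
    # UnauthorizedAccessException when the session is not elevated.
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        $secureBoot = 'Unsupported (legacy BIOS boot)'
    }
    catch [System.UnauthorizedAccessException] {
        $secureBoot = 'Unknown (run elevated)'
    }
    catch {
        $secureBoot = "Unknown ($($_.Exception.Message))"
    }

    # Win32_BIOS exposes the installed firmware version and its release date.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $ageDays = if ($bios.ReleaseDate) { [int]((Get-Date) - $bios.ReleaseDate).TotalDays } else { $null }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        SecureBoot      = $secureBoot
        Manufacturer    = $bios.Manufacturer
        FirmwareVersion = $bios.SMBIOSBIOSVersion
        FirmwareDate    = $bios.ReleaseDate
        FirmwareAgeDays = $ageDays
        # Flag hosts without Secure Boot, or with old or undated firmware, for manual follow-up.
        NeedsReview     = ($secureBoot -ne 'Enabled') -or ($null -eq $ageDays) -or ($ageDays -gt $MaxFirmwareAgeDays)
    }
}

Get-FirmwarePosture | Format-List
```

Compare the reported FirmwareVersion against the motherboard vendor's current release; the age threshold only selects hosts for that manual check.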
 
MacOS Mojave 10.14 Zero-Day Vulnerability - bypasses new Privacy feature
The same day Apple released its latest macOS Mojave operating system, a security researcher demonstrated a potential way to bypass new privacy implementations in macOS using just a few lines of code and access sensitive user data.
On Monday, Apple started rolling out its new macOS Mojave 10.14 operating system update to its users, which includes a number of new privacy and security controls, including authorization prompts. Wardle tweeted a video Monday showing how he was able to bypass the permission requirements on a dark-themed Mojave system by running just a few lines of code simulating a malicious app called "breakMojave," which allowed him to access the address book and copy it to the macOS desktop.
It should be noted that the flaw does not work with all of the new privacy protection features implemented by Apple in macOS Mojave, and hardware-based components, like the webcam and microphone, are not affected. To prevent abuse, Wardle is not releasing details beyond the proof-of-concept video until the company patches the issue. Until then, Mojave users are advised to be cautious about what apps they run.
Read More on The Hacker News
Original Announcement
 
Cutting room floor
 
#Tech and #Tools
This content was created by Kindred Group Security. Please share if you enjoyed!
Kindred Group in brief
Kindred is one of the largest online gambling companies in the world with over 24 million customers across 100 markets. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offering our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and an innovation-driven company that builds on trust.
You can access the previous newsletters at https://news.infosecgur.us