Security News: BootHole, Dell vulnerability, Linux malware, Hidden Cobra


31 July 2020, by Horst Buchwald


►Large technology companies such as Microsoft, HP and VMware are warning of a serious bug called BootHole. The bug sits in the GRUB2 boot loader, which is used by most Linux systems, and it also affects Windows devices that use UEFI Secure Boot. An attacker could exploit the flaw to execute arbitrary code during boot and take control of the operating system's boot process. The researchers at Eclypsium who discovered the bug also warned that it could affect more than a billion devices.

HP said that many of its PCs and other devices are affected and that it is providing a SoftPaq that updates the UEFI forbidden-signature database (dbx) in firmware.

Microsoft pointed out that BootHole affects Windows 10, Windows 8.1, Windows Server 2012, Server 2016 and Server 2019, and Windows Server versions 1903, 1909 and 2004. The company recommends that users adjust their UEFI settings until a security update is available.

►Red Hat reported that the bug affects Red Hat Enterprise Linux 7 and 8, Atomic Host and the OpenShift Container Platform 4 (RHEL CoreOS). The company advises users to update the kernel, fwupdate, fwupd, shim and dbxtool packages, which carry newly validated keys and certificates. VMware added that BootHole affects Photon OS when it is configured with Secure Boot and that a security update will be released soon.
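The remediation the vendors describe comes down to two facts the firmware exposes: whether Secure Boot is actually enforced, and what the UEFI forbidden-signature database (dbx) now revokes. The Python below is an added example, not code from this page or from any vendor named in it. It parses the efivarfs copies of the SecureBoot and dbx variables; the variable paths and the 4-byte attribute word are assumed from the Linux efivarfs interface, and the EFI_SIGNATURE_LIST layout from the UEFI specification. The sample bytes at the bottom are constructed placeholders. One caveat that follows from how dbx works: a dbx entry that revokes the hash of the shim currently installed blocks that shim at the next boot, so the updated shim and GRUB2 packages should be installed and confirmed bootable before the dbx update is applied.

```python
"""Parse the efivarfs view of SecureBoot and dbx (added example; not from the page)."""
import struct
import uuid
from pathlib import Path

# Well-known EFI signature-type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Variable files exposed by the Linux efivarfs mount (assumed paths: name-<vendor GUID>).
EFIVARS = Path("/sys/firmware/efi/efivars")
SECUREBOOT_VAR = EFIVARS / "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
DBX_VAR = EFIVARS / "dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

SIG_LIST_HDR = 28  # sizeof(EFI_SIGNATURE_LIST): GUID + 3 x UINT32


def efivar_data(raw: bytes) -> bytes:
    """Strip the 4-byte little-endian attribute word efivarfs prepends to every variable."""
    if len(raw) < 4:
        raise ValueError("efivar shorter than its attribute word")
    return raw[4:]


def secure_boot_enabled(raw: bytes) -> bool:
    """SecureBoot is a single byte: 1 when the firmware enforces signature checks."""
    data = efivar_data(raw)
    return len(data) >= 1 and data[0] == 1


def parse_signature_lists(data: bytes):
    """Walk a chain of EFI_SIGNATURE_LIST structures, yielding (type GUID, [(owner, payload), ...])."""
    off = 0
    while off < len(data):
        if len(data) - off < SIG_LIST_HDR:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < SIG_LIST_HDR + hdr_size or off + list_size > len(data):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size <= 16:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        body = data[off + SIG_LIST_HDR + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError(f"signature array not a multiple of SignatureSize at offset {off}")
        entries = []
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])          # EFI_SIGNATURE_DATA.SignatureOwner
            entries.append((owner, body[i + 16:i + sig_size]))  # SignatureData (hash or DER cert)
        yield sig_type, entries
        off += list_size


def dbx_summary(raw: bytes) -> dict:
    """Count revocation entries by type; a dbx update adds SHA-256 hashes and/or X.509 certs."""
    counts = {"sha256": 0, "x509": 0, "other": 0}
    for sig_type, entries in parse_signature_lists(efivar_data(raw)):
        if sig_type == EFI_CERT_SHA256_GUID:
            counts["sha256"] += len(entries)
        elif sig_type == EFI_CERT_X509_GUID:
            counts["x509"] += len(entries)
        else:
            counts["other"] += len(entries)
    return counts


def build_sha256_list(hashes, owner=uuid.UUID(int=0)) -> bytes:
    """Assemble one EFI_SIGNATURE_LIST of SHA-256 entries (used here only to build sample input)."""
    sig_size = 16 + 32
    body = b"".join(owner.bytes_le + h for h in hashes)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", SIG_LIST_HDR + len(body), 0, sig_size) + body


# Constructed sample variables (placeholder hashes, not real dbx contents).
SAMPLE_SB_ON = struct.pack("<I", 0x06) + b"\x01"   # attrs BS|RT, SecureBoot = 1
SAMPLE_SB_OFF = struct.pack("<I", 0x06) + b"\x00"
SAMPLE_DBX = struct.pack("<I", 0x27) + build_sha256_list([bytes([0x11]) * 32, bytes([0x22]) * 32])


def check_host() -> dict:
    """Read the live variables on a UEFI Linux host; report None where a variable is absent."""
    result = {"secure_boot": None, "dbx": None}
    if SECUREBOOT_VAR.exists():
        result["secure_boot"] = secure_boot_enabled(SECUREBOOT_VAR.read_bytes())
    if DBX_VAR.exists():
        result["dbx"] = dbx_summary(DBX_VAR.read_bytes())
    return result


if __name__ == "__main__":
    print("sample:", secure_boot_enabled(SAMPLE_SB_ON), dbx_summary(SAMPLE_DBX))
    print("host:", check_host())
```

On a real host, `dbxtool --list` from the dbxtool package Red Hat names shows the same entries; comparing the counts from `dbx_summary` before and after the update is a quick way to confirm the revocations actually landed in firmware rather than only in a package.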

►Dell EMC has fixed a high-severity vulnerability in its PowerEdge servers that could allow an attacker to take control of server operations, researchers from Positive Technologies warned. The path traversal flaw sits in the Dell EMC iDRAC remote access controller. iDRAC is offered as an option on most current Dell servers, and Dell is the world's leading server vendor. Path traversal is among the most serious classes of security bugs, according to the researchers. Two path traversal bugs were recently found in the Zoom application that could allow attackers to take control of devices.

►The new Linux malware from TrickBot, Anchor, can covertly infect Windows devices, warns Advanced Intel researcher Vitali Kremez. Anchor acts as a backdoor on an infected Linux device, allowing the attacker to pivot to Windows devices on the same network. Many IoT devices run Linux and could be targets for the Anchor malware.

The TrickBot group added a stealthy backdoor called BazarBackdoor to its phishing email campaigns earlier this year. TrickBot is a Russia-based group that initially focused on bank fraud.

►Between late March and late May, North Korean hackers used phishing with fake job offers to target U.S. defense and aerospace companies, according to security firm McAfee. The aim of the attacks was to infect the companies' networks with malware and steal confidential data. The malware is able to bypass network defenses and connect to the group's remote command-and-control server. The attackers were associated with Hidden Cobra, the term the U.S. government uses for the hacker groups of the North Korean government. In May, the Cybersecurity and Infrastructure Security Agency (CISA) released three malware analysis reports on variants used by the North Korean government.