Monday, April 19, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Linux distros fix new Boothole bug

July 30, 2020
in Internet Security
Linux distros fix new Boothole bug
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Secure boot, despite the name, isn’t as secure as we’d like. Security company Eclypsium discovered a security hole in GRUB2: Boothole. Linux users know GRUB2 as one of the most commonly used bootloaders. As such, this security problem makes any machine potentially vulnerable to a possible attack — the keyword is “potentially.”

BootHole enables hackers to insert and execute malicious code during the boot-loading process. Once planted there, the nasty bootkit payload can allow attackers to plant code that later take over the operating system. Fortunately, Linux distro developers were warned of this problem, and most of them have already issued patches. 

You might also like

Security crucial as 5G connects more industries, devices

Google releases Chrome 90 with HTTPS by default and security fixes

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

Besides, to use BootHole, a hacker has to edit grub.cfg, the GRUB2 configuration file. Therefore, to successfully attack a Linux system, an attacker must already have root-level access to the target system. Practically speaking, such a hacker has already compromised the system. With such access, attackers can modify grub.cfg values to trigger a buffer overflow, which can then be used to insert a malware payload.

While Eclypsium found the initial GRUB2 problem, Linux developers found other trouble hiding within GRUB2. Joe McManus, Canonical’s security engineering director, said:

Thanks to Eclypsium, we at Canonical, along with the rest of the open-source community, have updated GRUB2 to defend against this vulnerability. During this process, we identified seven additional vulnerabilities in GRUB2, which will also be fixed in the updates released today. The attack itself is not a remote exploit and it requires the attacker to have root privileges. With that in mind, we do not see it being a popular vulnerability used in the wild. However, this effort really exemplifies the spirit of community that makes open source software so secure.”  

Red Hat is also on the case. Peter Allor, Red Hat’s director of productsSecurity, said:

“Red Hat is aware of a flaw (CVE-2020-10713) in GRUB 2.  Product Security has conducted a thorough analysis and understands not only how this flaw impacts Red Hat products, but most importantly how this impacts the Linux kernel. Our PSIRT has been working closely with engineering, cross-functional teams, the Linux community as well as our industry partners to deliver currently available updates for affected Red Hat products, including Red Hat Enterprise Linux.”

Marcus Meissner, the lead of the SUSE Security Team, points out, however, that while the problem is serious and needs patching, it’s not that bad. He observed:

“Given the need for root access to the bootloader, the described attack appears to have limited relevance for most cloud computing, data center, and personal device scenarios, unless these systems are already compromised by another known attack. However, it does create an exposure when untrusted users can access a machine, e.g. bad actors in classified computing scenarios or computers in public spaces operating in unattended kiosk mode.”

So, the moral of the story is that, while you should patch your Linux system, this security hole is really only a problem in a very few limited situations. 

Related Stories:

Credit: Zdnet

Previous Post

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

Next Post

How to Turn Live Events Into Digital and Hybrid Experiences

Related Posts

Security crucial as 5G connects more industries, devices
Internet Security

Security crucial as 5G connects more industries, devices

April 17, 2021
Google releases Chrome 90 with HTTPS by default and security fixes
Internet Security

Google releases Chrome 90 with HTTPS by default and security fixes

April 17, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Google Project Zero testing 30-day grace period on bug details to boost user patching
Internet Security

Google Project Zero testing 30-day grace period on bug details to boost user patching

April 17, 2021
Cyberattack on UK university knocks out online learning, Teams and Zoom
Internet Security

Cyberattack on UK university knocks out online learning, Teams and Zoom

April 17, 2021
Next Post
How to Turn Live Events Into Digital and Hybrid Experiences

How to Turn Live Events Into Digital and Hybrid Experiences

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Machine Learning Helps Optimize Therapeutic Antibodies
Machine Learning

Machine Learning Helps Optimize Therapeutic Antibodies

April 18, 2021
Researchers at MIT DAI Lab Have Recently Built Cardea: A Machine Learning Framework That Turns Health Care Data Into Insights
Machine Learning

Researchers at MIT DAI Lab Have Recently Built Cardea: A Machine Learning Framework That Turns Health Care Data Into Insights

April 18, 2021
Automating Drug Discovery With Machine Learning
Machine Learning

Automating Drug Discovery With Machine Learning

April 18, 2021
Twitter aims to fight bias by examining its own machine learning algorithms
Machine Learning

Twitter aims to fight bias by examining its own machine learning algorithms

April 18, 2021
Make Machine Learning Interpretable with Shapash
Machine Learning

Make Machine Learning Interpretable with Shapash

April 18, 2021
Why the Patent Classification System Needs an Update
Machine Learning

Why the Patent Classification System Needs an Update

April 18, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Machine Learning Helps Optimize Therapeutic Antibodies April 18, 2021
  • Researchers at MIT DAI Lab Have Recently Built Cardea: A Machine Learning Framework That Turns Health Care Data Into Insights April 18, 2021
  • Automating Drug Discovery With Machine Learning April 18, 2021
  • Twitter aims to fight bias by examining its own machine learning algorithms April 18, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates