Why is this Significant?
This is significant because BlackLotus can bypass UEFI Secure Boot, which gives it a much better chance of evading detection: it executes before the operating system loads and before traditional OS-based security solutions start. BlackLotus has also reportedly been advertised and sold on underground forums, so its use in attacks is likely to increase.

What is BlackLotus?
BlackLotus is a UEFI bootkit that bypasses the Secure Boot feature to install itself and then deploys a backdoor through which an attacker can remotely control the compromised machine by issuing commands.
BlackLotus exploits CVE-2022-21894 (Secure Boot Security Feature Bypass Vulnerability) to bypass UEFI Secure Boot. Although Microsoft patched the vulnerability in the January 2022 Patch Tuesday release, it reportedly remains exploitable because the affected, validly signed binaries have not yet been added to the UEFI revocation list (DBX): firmware that enforces Secure Boot still trusts the old binaries, so an attacker can bring along a copy of them and load it.
According to ESET, BlackLotus halts its installation if the machine's locale is set to Armenia, Belarus, Kazakhstan, Moldova, Russia, or Ukraine.

How Widespread is BlackLotus?
No information is available on how widespread BlackLotus is. However, since the malware is being sold on underground forums, its use is expected to pick up.

What is the Status of Protection?
FortiGuard Labs has the following AV signatures in place for the samples available in the report:
W64/BlackLotus.A!tr
W64/BlackLotus.B!tr
W32/PossibleThreat
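Because the bypass works only as long as the vulnerable signed boot binaries are absent from the UEFI revocation list, a practical check is to read the DBX variable from a machine and confirm that the revocation hashes published for those binaries are present. The following parser is an added example, not code from the FortiGuard report or from ESET: it decodes the EFI_SIGNATURE_LIST structures that make up the dbx variable (UEFI specification format), collects the SHA-256 entries, and reports whether a given hash is revoked. The sample hashes embedded in it are constructed placeholders, not the hashes of any real bootloader; the real hashes for the CVE-2022-21894 binaries are not given on this page and must be taken from the DBX update Microsoft publishes. On Windows the blob can be exported with `[IO.File]::WriteAllBytes("dbx.bin", (Get-SecureBootUEFI -Name dbx).Bytes)`; on Linux it is the file `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f`, which carries a 4-byte attributes header that the `strip_efivar_header` helper removes.

```python
"""Parse a UEFI Secure Boot DBX (forbidden signatures database) blob and check
whether particular SHA-256 entries are revoked.

Added example, not code from the FortiGuard report or from ESET.  The blob
format is the UEFI specification's EFI_SIGNATURE_LIST; the sample hashes at the
bottom are constructed placeholders, not hashes of any real bootloader.
"""
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header: SignatureType (16-byte little-endian GUID),
# SignatureListSize, SignatureHeaderSize, SignatureSize (all UINT32).
_LIST_HDR = struct.Struct("<16sIII")
_OWNER_LEN = 16  # every EFI_SIGNATURE_DATA starts with a SignatureOwner GUID


def parse_signature_lists(blob: bytes):
    """Return [(signature_type, owner, data), ...] for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures (the dbx variable payload)."""
    entries = []
    off = 0
    while off + _LIST_HDR.size <= len(blob):
        raw_type, list_size, hdr_size, sig_size = _LIST_HDR.unpack_from(blob, off)
        if list_size < _LIST_HDR.size or off + list_size > len(blob):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size <= _OWNER_LEN:  # also guards against a zero-size infinite loop
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        sig_type = uuid.UUID(bytes_le=raw_type)
        pos = off + _LIST_HDR.size + hdr_size  # skip the optional SignatureHeader
        end = off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + _OWNER_LEN])
            entries.append((sig_type, owner, blob[pos + _OWNER_LEN:pos + sig_size]))
            pos += sig_size
        off = end
    if off != len(blob):
        raise ValueError(f"{len(blob) - off} trailing bytes after last signature list")
    return entries


def revoked_sha256_hashes(blob: bytes) -> set:
    """Lower-case hex of every EFI_CERT_SHA256 entry in the DBX.  Note these are
    Authenticode (PE image) hashes, not plain SHA-256 of the file on disk."""
    return {data.hex() for sig_type, _owner, data in parse_signature_lists(blob)
            if sig_type == EFI_CERT_SHA256_GUID and len(data) == 32}


def is_revoked(blob: bytes, sha256_hex: str) -> bool:
    """True if the given Authenticode SHA-256 hash is in the DBX blob."""
    return sha256_hex.lower() in revoked_sha256_hashes(blob)


def strip_efivar_header(raw: bytes) -> bytes:
    """Files under /sys/firmware/efi/efivars/ prefix the variable data with a
    4-byte attributes word; Get-SecureBootUEFI's .Bytes does not."""
    return raw[4:]


def build_signature_list(sig_type: uuid.UUID, sig_data: list, owner=uuid.UUID(int=0)) -> bytes:
    """Build one EFI_SIGNATURE_LIST (all entries the same size, no header)."""
    sig_size = _OWNER_LEN + len(sig_data[0])
    body = b"".join(owner.bytes_le + d for d in sig_data)
    return _LIST_HDR.pack(sig_type.bytes_le, _LIST_HDR.size + len(body), 0, sig_size) + body


# Constructed sample data: two placeholder SHA-256 entries followed by a dummy
# X.509 list, to show the parser walking lists of different entry sizes.
SAMPLE_REVOKED = [hashlib.sha256(b"constructed-bootmgr-A").hexdigest(),
                  hashlib.sha256(b"constructed-bootmgr-B").hexdigest()]
SAMPLE_NOT_REVOKED = hashlib.sha256(b"constructed-bootmgr-C").hexdigest()
SAMPLE_DBX = (build_signature_list(EFI_CERT_SHA256_GUID, [bytes.fromhex(h) for h in SAMPLE_REVOKED])
              + build_signature_list(EFI_CERT_X509_GUID, [b"\x30\x03\x02\x01\x00"]))


if __name__ == "__main__":
    import sys
    # usage: dbx_check.py [dbx.bin] [hash ...]; with no file the sample blob is used
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
        if "efivars" in sys.argv[1]:
            blob = strip_efivar_header(blob)
    else:
        blob = SAMPLE_DBX
    revoked = revoked_sha256_hashes(blob)
    print(f"{len(revoked)} SHA-256 entries in DBX")
    for h in sys.argv[2:] or [SAMPLE_REVOKED[0], SAMPLE_NOT_REVOKED]:
        print(h, "REVOKED" if is_revoked(blob, h) else "not in DBX")
```

A DBX that does not contain the published hashes for the vulnerable binaries means the machine still trusts them regardless of which Windows patch level it runs, which is exactly the gap the bootkit relies on. The reverse check, confirming that the currently installed boot manager is not itself listed, is worth running before applying a DBX update, since revoking a binary that is still in use leaves the machine unbootable.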