Why is this Significant?
This is significant because BlackLotus malware can bypass UEFI Secure Boot, giving itself less chance of being detected because it executes before the operating system and traditional OS-based security solutions start. BlackLotus has also reportedly been advertised and sold in underground forums, so its use in attacks will likely increase.

What is BlackLotus?
BlackLotus is malware that bypasses the UEFI Secure Boot feature to install itself and deploys a backdoor that allows an attacker to remotely control compromised machines via remote commands.
BlackLotus leverages CVE-2022-21894 (Secure Boot Security Feature Bypass vulnerability) to bypass UEFI Secure Boot. Although Microsoft patched the vulnerability in the January 2022 Patch Tuesday release, it can reportedly still be exploited because the affected signed binaries have not yet been added to the UEFI revocation list.
According to ESET, BlackLotus stops its installation if the machine's locale is set to Armenia, Belarus, Kazakhstan, Moldova, Russia, or Ukraine.

How Widespread is BlackLotus?
There is no information available as to how widespread BlackLotus is. However, since the malware is being sold in underground forums, the use of BlackLotus is expected to pick up.

What is the Status of Protection?
FortiGuard Labs has the following AV signatures in place for the samples available in the report:
W64/BlackLotus.A!tr
W64/BlackLotus.B!tr
W32/PossibleThreat
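The bypass described above depends on the vulnerable signed boot binaries not yet being present in the UEFI revocation database (dbx), so the practical defender's check is whether a given binary hash is actually revoked on a host. The following parser for the dbx EFI_SIGNATURE_LIST layout is an added example, not FortiGuard's or ESET's code; the hashes in it are constructed placeholders, not the hashes of the real affected binaries, and the sample dbx blob is built inline so it runs offline.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
HDR_LEN = 28  # EFI_GUID (16) + SignatureListSize, SignatureHeaderSize, SignatureSize (3 x UINT32)

def parse_signature_lists(blob: bytes):
    """Walk a concatenation of EFI_SIGNATURE_LIST structures (the layout of the
    Secure Boot db/dbx variables) and return (signature_type, owner, data) tuples."""
    entries, off = [], 0
    while off + HDR_LEN <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if list_size < HDR_LEN + hdr_size or end > len(blob) or sig_size <= 16:
            raise ValueError("truncated or malformed EFI_SIGNATURE_LIST")
        pos = off + HDR_LEN + hdr_size
        while pos + sig_size <= end:  # each EFI_SIGNATURE_DATA: owner GUID + payload
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, blob[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries

def revoked_sha256(blob: bytes) -> set:
    """Hex SHA-256 hashes the firmware will refuse to load (dbx EFI_CERT_SHA256 entries)."""
    return {d.hex() for t, _, d in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}

def is_revoked(blob: bytes, sha256_hex: str) -> bool:
    return sha256_hex.lower() in revoked_sha256(blob)

def build_list(sig_type, owner, payloads):
    """Serialise one EFI_SIGNATURE_LIST (used here only to construct sample data)."""
    sig_size = 16 + len(payloads[0])
    body = b"".join(owner.bytes_le + p for p in payloads)
    return sig_type.bytes_le + struct.pack("<III", HDR_LEN + len(body), 0, sig_size) + body

# Constructed sample dbx: two placeholder hashes (NOT the real BlackLotus/bootmgr
# hashes) plus one dummy X.509 entry so the parser has to cross a list boundary.
OWNER = uuid.UUID(int=0)
PLACEHOLDER_HASHES = [hashlib.sha256(b"placeholder-revoked-bootmgr-%d" % i).digest() for i in (1, 2)]
SAMPLE_DBX = (build_list(EFI_CERT_X509_GUID, OWNER, [b"dummy-der-certificate"])
              + build_list(EFI_CERT_SHA256_GUID, OWNER, PLACEHOLDER_HASHES))

if __name__ == "__main__":
    # Live data: on Linux read /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
    # (skip its 4-byte attribute prefix); on Windows use Get-SecureBootUEFI -Name dbx.
    print(len(revoked_sha256(SAMPLE_DBX)), "revoked hashes in sample dbx")
    print("revoked:", is_revoked(SAMPLE_DBX, PLACEHOLDER_HASHES[0].hex()))
```

Feeding the live dbx blob to is_revoked with the SHA-256 of a boot manager image tells you whether the firmware on that host would still load it; an absent hash means the revocation the report refers to has not reached that machine.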