DTX Manchester DTX Manchester
  • About Us
Friday, 5 March, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

BootHole vulnerability in Linux systems renders servers unbootable

by Sabina
August 14, 2020
in Cyber Bites
vulnerability
Share on FacebookShare on Twitter

It was reported this week by Naked Security that Linux systems are affected by a vulnerability that can render those Linux servers unbootable.

BootHole leverages a vulnerability in both GRUB2 and Secure Boot, explains TechRepublic. To make BootHole a bit more daunting, it’s actually a really easy hack to pull off. The only thing blocking ne’er do wells from making it happen is having remote access to the server. Once inside, however, all an attacker would have to do is edit the grub.cfg file in such a way as to pass a token too large for the flex parse buffer. And because grub.cfg isn’t signed, changes to the file aren’t checked.

When this happens, your Linux server won’t boot.

Of course, because this is open source, the patches came within a few days of the BootHole discovery. Those patches come in the form of shim files that can be applied.

Commenting on the news, Lamar Bailey, senior director of security at Tripwire, stated:

This vulnerability is limited to Linux based devices that us GRUB. The successfully exploit to vulnerability an attacker would need to gain root privileges then edit thee grub.cfg file to cause a buffer overflow and try to execute code. Following basic security hygiene greatly lowers the real-world risk here.

  • Don’t login as Root
  • Use file integrity monitoring to alert if key system fiels have been changed
  • Remediate vulnerabilities

Keith Geraghty, solutions architect at Edgescan, added some further insight on how to mitigate the risk posed by this funnily named bug:

In an ideal world we shouldn’t see the word “legacy” in the boot options. Back when I used to build servers I would need to disable secure boot so I could boot into my deployment disk to kick off my build. It would be down to me to ensure I re-enable secure boot after I complete the build. Manual steps such as this can become tedious when building hundreds of devices at a time.

What’s strange is that unlike notifications for patching and insecure software we don’t get notifications from vendors to review boot options. Why is this? CISO’s should implement CIS benchmark standards well before the build process starts so that internal pipelines can be adjusted to align correctly. We also see that Boot options are typically an oversight in the QA process of a build. We need to see them front and centre. If we can’t help secure the very step for powering on a machine, we are undermining all the great work we done securing our OS, Network and Applications.

Some practical steps to take

  • Ensure a BIOS review forms part of your build and QA process and ensure secure boot is on. If it’s not, ask why
  • Ensure best practice such as the CIS standards are followed
  • Password protect the BIOS
  • Review who has root-level access to your servers
  • Check regularly for updates to the GRUB Bootloader
0 0 vote
Article Rating
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Researchers uncover critical flaw within Amazon Alexa which can lead to stolen voice history and data

Next Post

Data breaches in the healthcare sector down by 10% in the first half of 2020

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Fraud attempts skyrocketed in 2020 according to latest Financial Crime Report from Feedzai

Fraud attempts skyrocketed in 2020 according to latest Financial Crime Report from Feedzai

March 4, 2021

Top 10 awards to enter for cybersecurity 

March 3, 2021
Medal

Identity theft: US Congressional Medal of Honor

March 3, 2021
Dripping tap

Learning from past hacking attacks

March 2, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept