This is a 27-page technical analysis report outlining the iLOBleed rootkit that was discovered by the Iranian firm Amnpardaz Soft.
Industry News Articles
Threat Actor Uses HP iLO Root Kit to Wipe Servers
Cybersecurity officials from an Iranian security firm have discovered a first-of-its-kind rootkit embedded deep inside HP iLO devices that has been used to wipe servers inside Iranian organizations. Named iLOBleed, the rootkit has been described as state-of-the-art and likely the work of a very advanced threat actor. Researchers say the attacker disguised the iLOBleed rootkit as a module for the iLO firmware, complete with a fake update UI shown to admins when they tried to update the iLO firmware.
Continuity Central Predicts Weaponization of Firmware Attacks Will Lower Bar for Entry
IT information security news source
Continuity Central posted its top cyber predictions for 2022. Number 3 on the list is the increasing weaponization of firmware attacks. Noting that organizations often neglect firmware and patching regimens, exploits are likely to be on the rise as cybercriminal gangs take to weaponizing firmware threats for gain.
High Severity BIOS Flaws Affect Intel Processors, Highlighting the Failures of a Patching Only Strategy
Intel has disclosed two high-severity vulnerabilities that affect a wide range of Intel processor families, allowing threat actors and malware to gain higher privilege levels on the device.
The flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high).
Both are perfect examples of why firmware patching only works if there is a patch to apply.
Facebook and Instagram Go Dark for a Day After BGP Record Updates
Cybersecurity expert Brian Krebs says Facebook, as well as its Instagram and WhatsApp platforms, are all suffering from ongoing global outages due to someone from inside Facebook updating the company’s Border Gateway Protocol (BGP) records, which took away the map telling the world’s computers how to find its online properties. According to a New York Times reporter, employees cannot even open doors with their security cards due to the catastrophic outage.
Netgear SOHO Security Bug Allows RCE, Corporate Attacks
According to ThreatPost, Netgear reported this week a high-severity security bug affecting several of its small office/home office (SOHO) routers that could allow remote code execution (RCE) via a man-in-the-middle (MiTM) attack.
The bug (CVE-2021-40847) exists in a third-party component, called Circle, that Netgear includes in its firmware.
Kapersky Discovers New UEFI Firmware Boot Kit for FinSpy Spyware
Kaspersky has been tracking deployments of the spyware known as FinSpy (also known as FinFisher or Wingbird) since 2011. This infamous surveillance toolset has been historically implanted through a single-stage installer on Windows machines. Recently the Kapersky team reported several findings that focused on suspicious installers of legitimate applications that had been backdoored with a relatively small obfuscated downloader. Read more about their investigation and findings below.
Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking
A vulnerability rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) was identified this week when a security researcher found a serious vulnerability in Hikvision surveillance cameras. Unpatched units are susceptible to remote hijacking by anyone with access to a couple of standard Internet ports. No username or password is needed to break in.
MIT Encourages Companies To Monitor All Assets to Ensure Proper Cybersecurity
50% of the companies MIT surveyed reported experiencing a cyberattack originating from a digital asset, and 20% more anticipate one coming soon. And with new vulnerabilities hitting every 12 hours, companies need to take action. Read their recommendations here.