腾讯网

Linux 启动漏洞可绕过现代 Linux 系统的安全启动保护

现代Linux发行版存在一个重大漏洞,攻击者通过短暂物理接触即可利用initramfs(初始内存文件系统)操控绕过安全启动(Secure Boot)保护机制。 该攻击利用系统启动失败时可访问的调试shell,注入持久性恶意软件,这些恶意软件可在系统重启后继续存活,即使用户 ...
Hackaday

This Week In Security: Sharepoint, Initramfs, And More

There was a disturbance in the enterprise security world, and it started with a Pwn2Own Berlin. [Khoa Dinh] and the team at Viettel Cyber Security discovered a pair of vulnerabilities in Microsoft’s ...