Secure Boot Bypass Risk Threatens Nearly 200,000 Linux Framework Laptops
Roughly 200,000 Linux-based Framework laptops shipped with a signed UEFI shell command (mm) that can be abused to bypass Secure Boot protections -- allowing attackers to load persistent bootkits like BlackLotus or HybridPetya. Framework has begun patching affected models, though some fixes and DBX updates are still pending. BleepingComputer reports:
According to firmware security company Eclypsium, the problem stems from including a 'memory modify' (mm) command in legitimately signed UEFI shells that Framework shipped with its systems. The command provides direct read/write access to system memory and is intended for low-level diagnostics and firmware debugging. However, it can also be leveraged to break the Secure Boot trust chain by targeting the gSecurity2 variable, a critical component in the process of verifying the signatures of UEFI modules.
The mm command can be abused to overwrite gSecurity2 with NULL, effectively disabling signature verification. "This command writes zeros to the memory location containing the security handler pointer, effectively disabling signature verification for all subsequent module loads." The researchers also note that the attack can be automated via startup scripts to persist across reboots.
Read more of this story at Slashdot.
Meet the Aussie athlete with the 'wild' one-hour daily skincare routine no one has time for
A glamorous Australian athlete has revealed her detailed daily beauty routine.
Israel's fury grows as Hamas holds onto 20 dead hostages - and raging Donald Trump orders them to disarm or he will... 'violently'
Hamas handed over four bodies on Tuesday night, but relatives of hostages still in the clutches of the terror group took to the streets in Tel Aviv to call for the return of their loved ones.
BBC failed to mention 'hero' Palestinian prisoner who is set to be freed 'has links to deadly bomb attack'
The BBC aired a segment featuring the family of Murad Muhammad Ridha Ahmad Abu al-Rub - without initially noting his connection to the 2006 Kedumim attack, according to critics.
A royal cheers! Kate and William beam as they trial booze on surprise visit to Northern Ireland - after sharing sweet loved-up moment
Kate and Will observed the apple cider vinegar production process, before watching how the apples are pressed and bottled on site into their award-winning cider.
Driver didn't warn me I had got on the wrong coach - am I owed a refund? DEAN DUNHAM replies
On a recent city break, my wife and I booked a trip from Ljubljana in Slovenia to Umag in Croatia, costing £40 with a big international coach firm.
Teenager stabbed schoolboy 11 times at Merseyside bus stop then knifed his girlfriend in the chest as she tried to help, court hears
A 15-year-old boy is alleged to have conducted the 'premeditated' attack in retaliation to a previous incident, in which his friend was struck with a metal pole.
Duchess to influencer: Meghan Markle reveals plans to release 'short social media films' after Netflix ended $100m deal
The Duchess of Sussex discussed life as a 'high-profile business founder' as she appeared at the summit in Washington DC on Tuesday afternoon.
NordVPN Embraces Open Source By Releasing Its Linux GUI On GitHub
BrianFagioli shares a report from NERDS.xyz:
NordVPN has open sourced its Linux GUI on GitHub, giving the community full access to the code behind its graphical client. The move follows a 70 percent surge in daily active Linux users since the GUI's debut earlier this year, showing clear demand for a user-friendly VPN experience on the platform. Alongside the previously open sourced command line tool, the GUI codebase is now available for anyone to audit, modify, and contribute to. While NordVPN's core backend infrastructure remains proprietary, the company says the open source release reflects its commitment to transparency and collaboration with the Linux community. The GUI can also now be installed with a single command using Snap, simplifying setup and ensuring automatic updates across distributions.
BBC star Owain Wyn Evans reveals he's taking time off work to recover after undergoing emergency surgery as he issues heartfelt tribute to NHS
The Radio 2 presenter, 41, took to his Instagram on Tuesday to issue a health update and to voice his gratitude for the 'amazing' NHS that took care of him.
Naga Munchetty says she struggled to open up about her chronic health condition at the BBC because 'being seen as weak is a concern'
The presenter, 50, lived with painful heavy bleeding, vomiting, fainting and severe aching every two and a half weeks for 32 years before a private doctor finally diagnosed her with Adenomyosis.
The F1 WAGs Power List: From the glamorous art student beloved by luxury brands to the Vogue cover girl with links to the Kardashians and billionaire heiress who's VERY well connected... we reveal the true 'Queen of the Paddock'
As Formula One WAGs rake in six-figure brand deals and build empires made up of millions of followers, who is the most powerful of them all?
The truth about Dan and Phil's secret relationship - and exactly why they kept it hidden for so long: Insiders reveal to MOLLY CLAYTON the sad fears that plagued the couple and the 'ring of trust' they relied on
British YouTubers Dan Howell and Phil Lester look just like the happy double act they have always been. But photos shared exclusively with the Daily Mail mark a brand new chapter.
Return our dead! Israeli fury grows and Hamas stalls on returning hostages as Trump 'violently' threatens Hamas amid fears of ceasefire
Prime minister Benjamin Netanyahu ruled out doubling the number of trucks to deliver the much-needed supplies amid mounting anger at the terror group's violation of the peace plan.
Cannabis-based drug 'is HELPING cancer patients... by giving them the munchies'
The 'exciting' results offer hope to millions of cancer patients suffering from the debilitating wasting syndrome cachexia.
I was there for my son's first breath... then I had to watch him die. He went to a party at a £1.5m farmhouse and was brutally stabbed - I had no idea teenagers were carrying knives in leafy West Sussex
It has been more than two years since Martin Cosser watched his son Charlie walk down the driveway and jump into a friend's car. Charlie, 17, never returned.
Two cabinet members 'secretly sharing concern over Trump's health'... as RFK Jr adviser breaks cover about president's noticeable symptoms
An adviser to RFK Jnr has broken cover to reveal a chilling theory about the state of Donald Trump's health.
The next global economic earthquake is set to strike and Britain is completely unprepared. I fear for all of us - and Labour's Budget plans are going to make things worse: ALEX BRUMMER
Reeves' pledges to 'fix the foundations' of the British economy have subsided. The Chancellor's refrain that she would never take the risks the Conservatives took has proved hollow.
QUENTIN LETTS: Only Starmer could utter a word like 'statespersonship' without irony...
Sir Keir Starmer, inflating himself like something rubbery and faintly spermicidal, told Kemi Badenoch she was not a 'serious statesperson'.
I was slowly losing my eyesight when my husband left after 17 years. I was consumed by terror... but what happened next will astonish you
I felt it in my bones, the shock of unlocking the door and stepping into the silent house knowing he wasn't at home and never would be again.