home.social

#binarly — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #binarly, aggregated by home.social.

  1. Right a few days before I'll be talking about patterns in DRAM init at #GPN23, #Binarly are posting on their type inference tooling:
    binarly.io/blog/type-inference

    Will definitely mention this. :)

  2. Thanks to #Binarly for Sponsoring #OST2 at the Gold🥇 level!
    Learn more about them here: binarly.io/

  3. Binarly secured $10.5M in seed funding led by Two Bear Capital. Binarly specialises in AI-powered firmware and software supply chain security, identifying vulnerabilities and malicious code in devices to enhance security. #binarly #ai #supplychain #supply #supplier #funding #investment #security #code #vulnerabilities #shipment #transportation #logistics #transport #secure

  4. Binarly secured $10.5M in seed funding led by Two Bear Capital. Binarly specialises in AI-powered firmware and software supply chain security, identifying vulnerabilities and malicious code in devices to enhance security. #binarly #ai #supplychain #supply #supplier #funding #investment #security #code #vulnerabilities #shipment #transportation #logistics #transport #secure

  5. Binarly secured $10.5M in seed funding led by Two Bear Capital. Binarly specialises in AI-powered firmware and software supply chain security, identifying vulnerabilities and malicious code in devices to enhance security. #binarly #ai #supplychain #supply #supplier #funding #investment #security #code #vulnerabilities #shipment #transportation #logistics #transport #secure

  6. "🚨 UEFI Under Threat: The LogoFAIL Vulnerability 🚨"

    A recent security report has brought attention to LogoFAIL, a collection of vulnerabilities that pose a substantial risk to devices utilizing UEFI firmware. These vulnerabilities enable attackers to install UEFI bootkits by leveraging weaknesses in the image-parsing components utilized by various vendors in their firmware. LogoFAIL's impact is widespread, affecting a broad range of devices across x86 and ARM architectures, including products from prominent manufacturers such as Intel, Acer, and Lenovo.

    Researchers at Binarly have uncovered that malicious payloads can be executed by injecting image files into the EFI System Partition (ESP), effectively evading security features like Secure Boot. This method of attack ensures the persistence of malware on the system, rendering it virtually undetected. LogoFAIL's full scope of impact is still being assessed, but it is already evident that it poses a significant threat to both consumer and enterprise-grade devices, as it bypasses security mechanisms designed to protect UEFI systems.

    Source: BlackHat talk and Bill Toulas, BleepingComputer

    MITRE ATT&CK Reference for UEFI Vulnerabilities: T1588.006

    Tags: #CyberSecurity #UEFI #Vulnerability #LogoFAIL #Bootkit #SecureBoot #FirmwareSecurity #Binarly #DeviceSecurity 🚨💻🔒

  7. Недавно Lenovo обновила BIOS'ы для своих устройств. Мне прилетело обновление через их Lenovo Vantage.

    Крайне рекомендую обновиться, закрыты серьезные уязвимости (support.lenovo.com/fr/en/produ):
    * CVE-2021-3452: A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

    * CVE-2021-3453: Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

    * CVE-2021-3614: A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

    Немного подробностей от исследователей:
    * github.com/binarly-io/Vulnerab
    * github.com/binarly-io/Vulnerab

    #Lenovo #ThinkPad #BINARLY #efiXplorer #matrosov