Eclypsium: BootHole is a vulnerability in the GRUB2 bootloader that opens up Windows and Linux devices using Secure Boot to cyber attacks
It is called BootHole, and it is a vulnerability in the GRUB2 bootloader that opens up Windows and Linux devices using Secure Boot to attack. It was discovered by cybersecurity researchers at Eclypsium. Attackers exploiting this flaw can install persistent and stealthy bootkits or malware that could give them near-total control over the victim device. The vulnerability affects systems using Secure Boot even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning virtually every Linux distribution is affected. In addition, GRUB2 supports other operating systems, kernels and hypervisors such as Xen. The problem also extends to any Windows device that uses Secure Boot with the standard Microsoft Third Party UEFI Certificate Authority. Thus the majority of laptops, desktops, servers and workstations are affected, as well as network appliances and other special-purpose equipment used in industrial, healthcare, financial and other industries.
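Because the article's scope statement turns on two host properties, whether UEFI Secure Boot is enabled and whether GRUB2 is installed, a defender's first step is inventorying fleet hosts for both. The script below is an added example, not code from Eclypsium or the article; it assumes a Linux host with efivarfs mounted at the standard path /sys/firmware/efi/efivars, and the function names are our own.

```shell
#!/bin/sh
# Added example (not from the Eclypsium report or the article): per-host
# inventory check for the two properties the article says matter for BootHole,
# UEFI Secure Boot state and GRUB2 presence. Assumes Linux with efivarfs mounted
# at /sys/firmware/efi/efivars; function names are ours, not a tool's API.

# efivarfs exposes each variable as 4 bytes of attribute flags followed by the
# variable data. For SecureBoot the data is a single byte: 0 = off, 1 = on.
secure_boot_state() {
  # $1: path to the SecureBoot-<GUID> efivar file
  var="$1"
  [ -r "$var" ] || { echo "unknown"; return 0; }
  # Skip the 4 attribute bytes (-j4) and print the 5th byte as unsigned decimal.
  val=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' ')
  case "$val" in
    1) echo "enabled" ;;
    0) echo "disabled" ;;
    *) echo "unknown" ;;
  esac
}

# Locate the SecureBoot variable file; the GUID suffix is fixed by the UEFI
# spec (8be4df61-93ca-11d2-aa0d-00e098032b8c), so a glob is sufficient.
find_secure_boot_var() {
  for f in /sys/firmware/efi/efivars/SecureBoot-*; do
    [ -e "$f" ] && { echo "$f"; return 0; }
  done
  return 1
}

# Returns 0 when a GRUB2 installer or a GRUB EFI image is found on this host.
grub2_present() {
  command -v grub-install  >/dev/null 2>&1 && return 0
  command -v grub2-install >/dev/null 2>&1 && return 0
  [ -d /boot/efi/EFI ] && ls /boot/efi/EFI/*/grub*.efi >/dev/null 2>&1 && return 0
  return 1
}

main() {
  if var=$(find_secure_boot_var); then
    echo "Secure Boot: $(secure_boot_state "$var")"
  else
    echo "Secure Boot: unknown (no efivar found; likely legacy BIOS boot)"
  fi
  if grub2_present; then echo "GRUB2: present"; else echo "GRUB2: not found"; fi
}

main
```

A host that reports "Secure Boot: enabled" is within the population the article describes regardless of the GRUB2 line, since the issue also reaches systems that trust the Microsoft third-party UEFI CA without running GRUB2; the GRUB2 line only tells you whether the bootloader itself also needs updating.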