NSA Releases Guide to Mitigate BlackLotus Bootkit Infections
The US National Security Agency (NSA) has released a comprehensive mitigation guide to address the BlackLotus malware.
According to the document, BlackLotus exploits a Windows boot loader flaw known as "Baton Drop" (CVE-2022-21894) to take control of an endpoint in the earliest software stage of the boot process, before the operating system and its security tooling are loaded. The technique is similar in spirit to the 2020 BootHole vulnerability (CVE-2020-10713) in the GRUB2 boot loader, which likewise allowed an attacker to bypass Secure Boot.
Microsoft patched Baton Drop in January 2022, but the NSA pointed out that the vulnerable boot loader binaries were not revoked through the Secure Boot Deny List Database (DBX). Those older binaries still carry a valid Microsoft signature, so Secure Boot keeps trusting them: an attacker with administrative rights can copy a vulnerable boot loader onto the EFI System Partition and exploit it even on a fully patched machine. That is what BlackLotus does, which is why installing the patch alone does not remove the risk.
To close this gap, the agency recommends several mitigation actions for infrastructure owners.
These include hardening user executable policies so that an unauthorized installer cannot run in the first place, monitoring the integrity of the boot partition (the EFI System Partition) for unexpected or changed files, updating recovery media so that a restore does not reintroduce a vulnerable boot loader, and enabling the optional software mitigations Microsoft has published.
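One way to act on the "monitor the integrity of the boot partition" recommendation is to baseline every file on the EFI System Partition and diff later snapshots against it. The script below is an added example, not code from the NSA guide; the mount point, the baseline location and the demo file names are assumptions, and the demo partition it builds in a temporary directory is constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

ESP_MOUNT = Path("/boot/efi")                       # assumption: where this host mounts the ESP
BASELINE_FILE = Path("/var/lib/esp-baseline.json")  # assumption: kept off the ESP, ideally read-only


def snapshot(root: Path) -> dict:
    """SHA-256 and size of every regular file under root, keyed by relative POSIX path."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            snap[p.relative_to(root).as_posix()] = {
                "sha256": hashlib.sha256(p.read_bytes()).hexdigest(),
                "size": p.stat().st_size,
            }
    return snap


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Files added to, removed from, or modified on the partition since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k]["sha256"] != current[k]["sha256"]),
    }


def write_baseline(root: Path, path: Path) -> None:
    path.write_text(json.dumps(snapshot(root), indent=2, sort_keys=True))


def check_against_baseline(root: Path, path: Path) -> dict:
    return diff_snapshots(json.loads(path.read_text()), snapshot(root))


def simulate_tampering() -> dict:
    """Constructed demo: build a fake ESP in a temp dir, baseline it, then replace the boot
    manager and drop an extra loader the way a bootkit installer would. File names are
    made up for the demo and are not BlackLotus indicators."""
    with tempfile.TemporaryDirectory() as d:
        esp, store = Path(d) / "esp", Path(d) / "store"
        boot = esp / "EFI" / "Microsoft" / "Boot"
        boot.mkdir(parents=True)
        store.mkdir()
        (boot / "bootmgfw.efi").write_bytes(b"patched boot manager (constructed)")
        (boot / "BCD").write_bytes(b"boot configuration (constructed)")
        write_baseline(esp, store / "baseline.json")

        # Tampering: an older, still-signed boot manager replaces the patched one,
        # and an unexpected loader appears in a new directory.
        (boot / "bootmgfw.efi").write_bytes(b"older vulnerable boot manager (constructed)")
        (esp / "EFI" / "custom").mkdir()
        (esp / "EFI" / "custom" / "loader.efi").write_bytes(b"unexpected loader (constructed)")
        return check_against_baseline(esp, store / "baseline.json")


if __name__ == "__main__":
    print(json.dumps(simulate_tampering(), indent=2))
```

Two practical caveats: a bootkit that is already running can lie to an in-band scan, so take the baseline and run the comparison from trusted media where possible; and legitimate Windows updates do replace files such as bootmgfw.efi, so re-baseline immediately after patching rather than treating every change as hostile.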
They should also customize UEFI Secure Boot: on Windows endpoints, add DBX records that revoke the vulnerable boot loaders; on Linux endpoints, which do not need to run Microsoft-signed Windows binaries at all, remove the Windows Production CA certificate from the Secure Boot signature database (DB). The Linux option is safe only because the shim used by most distributions is signed by a different certificate, the Microsoft UEFI third-party CA, so it keeps booting after the Windows CA is gone.
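Whether a particular boot loader image is actually revoked can be checked directly against the dbx contents, which are a concatenation of EFI_SIGNATURE_LIST structures whose SHA-256 entries are Authenticode (PE image) hashes, not plain file hashes. The parser below is an added example that is not part of the NSA guide or the article; the efivarfs path it reads on Linux is the standard one, and the two hashes in its sample list are constructed placeholders, not real revocation entries. On Windows the same bytes come from `(Get-SecureBootUEFI -Name dbx).Bytes`, and the PE hash of a binary to look up can be taken from Sysinternals `sigcheck -h` (the PESHA256 line).

```python
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification: every signature in such a list is
# the 32-byte SHA-256 Authenticode hash of a revoked PE image (e.g. a boot manager).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
HEADER_LEN = 28  # SignatureType GUID (16) + SignatureListSize, SignatureHeaderSize, SignatureSize


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner, data) for every signature in a blob made of
    consecutive EFI_SIGNATURE_LIST structures, i.e. the raw contents of db or dbx."""
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < HEADER_LEN + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        first, end = off + HEADER_LEN + hdr_size, off + list_size
        if sig_size <= 16 or (end - first) % sig_size:
            raise ValueError("bad SignatureSize")
        for pos in range(first, end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])   # EFI_SIGNATURE_DATA.SignatureOwner
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
        off = end


def revoked_sha256_hashes(blob: bytes) -> set:
    """All SHA-256 image hashes in the blob, as lowercase hex."""
    return {data.hex() for t, _, data in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}


def is_revoked(blob: bytes, pe_sha256_hex: str) -> bool:
    """True if the given Authenticode SHA-256 of a PE image is listed in the blob."""
    return pe_sha256_hex.lower() in revoked_sha256_hashes(blob)


def build_sha256_list(hashes_hex, owner=uuid.UUID(int=0)) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries, the shape of a dbx append."""
    entries = []
    for h in hashes_hex:
        digest = bytes.fromhex(h)
        if len(digest) != 32:
            raise ValueError("not a SHA-256 digest: %s" % h)
        entries.append(owner.bytes_le + digest)
    body = b"".join(entries)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", HEADER_LEN + len(body), 0, 16 + 32)
    return header + body


def read_dbx_efivarfs(path="/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f") -> bytes:
    """Linux: efivarfs prefixes each variable with 4 bytes of attributes; strip them."""
    with open(path, "rb") as f:
        return f.read()[4:]


# Constructed sample: two made-up hashes standing in for revoked boot-loader images.
SAMPLE_HASHES = ["11" * 32, "22" * 32]
SAMPLE_DBX = build_sha256_list(SAMPLE_HASHES)

if __name__ == "__main__":
    for h in SAMPLE_HASHES + ["33" * 32]:
        print(h[:16] + "...", "revoked" if is_revoked(SAMPLE_DBX, h) else "still trusted")
```

A boot loader whose PE hash is absent from dbx is still trusted by the firmware regardless of how many OS patches have been installed, which is the gap the NSA guide describes; the DBX update that actually revokes the affected binaries is the one to apply, and this parser lets you confirm the revocation landed on each host.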
The NSA guidelines also stress that administrators must stay vigilant: BlackLotus is not a firmware implant, it lives on the EFI System Partition and hijacks the earliest software stage of the boot process, so firmware-level checks alone will not catch it.
The agency adds that, while the published patches raise the bar, administrators should not be lulled into a false sense of security and should implement the recommended mitigations.
For more information and detailed instructions, administrators can refer to the NSA’s BlackLotus Mitigation Guide and consult the resources provided by Microsoft and security researchers.
The agency concluded that it is crucial for organizations to take immediate action to protect their infrastructure from the BlackLotus malware and ensure the security of their endpoints.
The guidelines come weeks after the NSA and the Cybersecurity and Infrastructure Security Agency (CISA) released joint guidance on hardening Baseboard Management Controllers (BMCs).