Preface: UEFI has slowly come to replace BIOS. Whereby Intel schedule to completely replace BIOS with UEFI on all chipsets by 2020.

Quote: Firmware is software, and is therefore vulnerable to the same threats that typically target software.

Technical details: From technical point of view, EFI Runtime services are usually located below 4GB. As a result it has a way into Linux on high memory EFI booting systems.

What is the different when malware alive into these areas?

• Malware injected into the address space is transient, and will be cleaned up on the next boot.
• Malware injected into the firmware flash regions is persistent, and will run on every subsequent boot

Using the follow command can display x509 v3 digital certificate and confirm thatgrubx64.efi can read (/boot/efi/EFI/fedora/)grub.cfg. Oh! It is easy to access this file when you have root privileges. But do not contempt this issue.

• sudo tree /boot/efi
• sudo hexdump -C /boot/efi/EFI/fedora/shim.efi | egrep -i -C 2 ‘grub|g.r.u.b’
• sudo strings /boot/efi/EFI/fedora/grubx64.efi | grep grub.cfg

Sound interesting. Should you have interested, please refer below guide book :NIST Special Publication 800-147 BIOS Protection Guidelines https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-147.pdf

Preface: The string of attacks last month on tankers near Hormuz. It alerting to related industry and countries about bottleneck on supply chain.

Quote: The head of Indonesian Maritime Security Agency, said it’s looking into the issue. And it doesn’t see why China raised the alert status?

From technical point of view: As a matter of fact, it is not difficult to make trouble to world by cyber attack nowadays. For example, Ransomware or exploit the vulnerability on the computer system. As far as we know, on the tankers side, it install GPS and management system. Those systems are the Windows or Linux OS base of machines. If you are belongs to marine industry especially shipping company, see whether you are require to re-cofirm the patch level of your maritime bandwidth management system. Do not let those vulnerabilities causes shipping traffic jam. For more details, please see below url for reference.

Perhaps not merely the specified vulnerability. Should you interested if the Headline news. Please refer below:

https://www.bloomberg.com/news/articles/2019-07-03/china-raises-warning-for-shipping-in-malacca-strait-people-say

Status update on 8th July 2019: U.S. Coast Guard recommendation: the maritime community can help strengthen their defenses by implementing the following basic cybersecurity measures:

• Implement network segmentation.
• Create network profiles for each employee, require unique login credentials, and limit privileges to only those necessary.
• Be wary of external media.
• Install anti-virus software.
• Keep software updated.

Preface: WPA3 protocol aim to enhance Wi-Fi security protection. Yes, it does. But something wrong with him this time.

Technology Synopsis: The very damaging DoS attack consists of clogging one peer with bogus requests with forged source IP addresses. Due to computationally intensive nature of modular exponentiation, the DH key exchange is highly vulnerable to clogging (DoS) attack.The SAE handshake of WPA3 also uses a cookie exchange procedure to mitigate clogging attacks.

Vulnerability highlights:

1. The SAE handshake of WPA3 uses a cookie exchange procedure to mitigate clogging attacks.
   But the design of the cookie exchange mechanism has technical limitation. Since everyone will receive the (supposedly secret) cookies.
2. An attacker with a rogue access point can force the client connecting to it to use WPA2’s 4-way handshake and, consequently, to get enough information to launch an offline dictionary attack.

Should you have interest, please refer to the following url: https://www.kb.cert.org/vuls/id/871675/