Windows 8 is remembered most for its oddball touchscreen-focused full-screen Start menu, but it also introduced a number of under-the-hood enhancements to Windows. One of those was UEFI Secure Boot, a mechanism for verifying PC bootloaders to ensure that unverified software can't be loaded at startup. Secure Boot was enabled but technically optional for Windows 8 and Windows 10, but it became a formal system requirement for installing Windows starting with Windows 11 in 2021.

Secure Boot has relied on the same security certificates to verify bootloaders since 2011, during the development cycle for Windows 8. But those original certificates are set to expire in June and October of this year, something Microsoft is highlighting in a post today.

This certificate expiration date isn't news—Microsoft and most major PC makers have been talking about it for months or years, and behind-the-scenes work to get the Windows ecosystem ready has been happening for some time. And renewing security certificates is a routine occurrence that most users only notice when something goes wrong.

Read full article

Comments

Encryption doesn’t guarantee privacy—key ownership does. This article explains how cloud-stored encryption keys let third parties unlock your data, exposing the hidden risks behind “secure” services like BitLocker and Gmail.

The post He Who Controls the Key Controls the World – Microsoft “Often” Provides BitLocker Keys to Law Enforcement appeared first on Security Boulevard.

Romania's National Directorate for Cyber Security disclosed that on Saturday a ransomware attack compromised approximately 1,000 IT systems belonging to the nation's water authority - known as Administrația Națională Apele Române. The attack impacted 10 of the country's 11 regional water basin administrations including Oradea, Cluj, Iași, Siret, and Buzău.

The attackers exploited BitLocker—a legitimate Windows encryption mechanism—for malicious purposes to lock files across the infrastructure and deliver a ransom note demanding contact within seven days.

The incident affected multiple critical systems including Geographical Information System (GIS) application servers, database servers, Windows workstations, Windows Server systems, email and web servers, and Domain Name Servers. Despite the extensive IT compromise, operational technologies remained unaffected, allowing normal operations to continue.

Hydrotechnical Structures Remain Secure

The Romanian water authority clarified that the operation of hydrotechnical structures continues solely through dispatch centers using voice communications. Hydrotechnical constructions remain secure and are operated locally by specialized personnel coordinated through dispatch centers.

The organization stressed that despite the IT infrastructure compromise, water management operations including dam control, flood management, and water distribution systems continue functioning normally through manual oversight and voice coordination protocols developed for such contingencies.

BitLocker Weaponized for Malicious Encryption

Following an initial technical evaluation, investigators determined attackers exploited BitLocker, a legitimate encryption mechanism for Windows operating systems, using it maliciously to produce file blocking through encryption across affected systems. This technique represents an evolution in ransomware tactics where threat actors leverage built-in security tools rather than deploying custom malware.

The attackers transmitted a ransom note demanding contact within seven days. The National Directorate for Cyber Security reiterated its strict policy and recommendation that ransomware attack victims will not contact or negotiate with cyber attackers to avoid encouraging and financing this criminal ecosystem.

The Cyber Express reached out to the media center of the DNSC to understand what data was compromised and which group had claimed responsibility of the attack but authorities recommended that IT teams at the National Administration of Romanian Waters or regional water administrations should not be contacted, allowing them to concentrate on restoring IT services without distraction from media inquiries or external pressure.

Also read: Russia-Linked Hybrid Campaign Targeted 2024 Elections: Romanian Prosecutor General

Infrastructure Not Protected by National Cyber Defense System

The investigation revealed that Romanian water authority infrastructure was not currently protected through the national protection system for IT infrastructures with critical importance for national security against threats from cyberspace.

Necessary procedures have now been initiated to integrate this infrastructure into systems developed by the National Cyber Intelligence Center for ensuring cyber protection of both public IT infrastructures and private ones with critical importance for national security through use of cyber intelligence technologies.

Technical teams from the Directorate, National Administration Romanian Waters, the National Cyber Intelligence Center within the Romanian Intelligence Service, affected entities, and other state authorities with competencies in cybersecurity are actively involved in investigating and limiting the impact of the cyber incident.