UEFI firmware vulnerabilities hit enterprise environments worldwide
Nine vulnerabilities in EDK II hit enterprise environments worldwide. Researchers at France's Quarkslab discovered that this open-source implementation of the UEFI specification can be abused by malicious actors. These exploits are then very difficult to detect or remove.
The nine vulnerabilities are...
CISA concerned about bootloader malware that makes your PC garbage
CISA warns of an attack that abuses a component that every computer contains: the bootloader. The malware being spread targets the Unified Extensible Firmware Interface (UEFI).
UEFI-based malware has already been used in the BlackLotus campaign. This campaign came on the radar of cybers...
Microsoft is rolling out a series of fixes for 0-day Secure Boot bug
According to Microsoft's planning, the entire bug fix process will take a year to complete.
This week Ars Technica reported on Microsoft's latest plan to eliminate a serious vulnerability affecting the boot process on various types of Windows machines. The vulnerability can be exploited by a pie...
MSI leak undermines UEFI/BIOS security, what can you do?
April's MSI hack led to the distribution of Intel Boot Guard keys on the dark web. The leak allows malicious actors to create UEFI/BIOS firmware that gets past a key security layer on countless PCs.
A ransomware attack led to the loss of 1.5 terabytes of data at MSI in April, which the attackers...
Over 100 Lenovo laptop models have security flaws
On Tuesday, Lenovo announced security patches for more than 100 laptop models to address significant vulnerabilities that allow sophisticated hackers to install malicious software that is nearly impossible to delete or detect in some circumstances.
Hackers may be able to change a computer's ...
Major BIOS/UEFI vulnerabilities affect Microsoft, Intel, Lenovo, and others
Security researchers have found 23 major vulnerabilities in BIOS/UEFI software. The software is present in systems from major vendors such as Intel, Microsoft, Lenovo, Dell, Fujitsu, HP, HPE and Siemens.
Binarly found the vulnerabilities after the discovery of MoonBounce, a new malware family. T...
Microsoft Defender ATP gets built-in firmware protection
Microsoft already offered firmware protection in so-called secured-core computers, which have a hardware root of trust. Now the tech giant goes a step further by adding firmware protection to Microsoft Defender ATP (advanced threat protection).
The secured-core PCs were Microsoft's answer to the...