Network World

New attack methods can ‘brick’ systems, defeat Secure Boot, researchers say

The Secure Boot security mechanism of the Unified Extensible Firmware Interface (UEFI) can be bypassed on around half of computers that have the feature enabled in order to install bootkits, according ...
Dark Reading

Exclusive: CISA Sounds the Alarm on UEFI Security

Against the backdrop of the debacle that mitigating the BlackLotus bootkit has become, the Cybersecurity and Infrastructure Security Agency (CISA) is calling for revamped security for Unified ...
SiliconANGLE

Major security flaws found in popular UEFI firmware impact top tech companies

Researchers at French cybersecurity research company Quarkslab have discovered nine vulnerabilities in TianoCore EDK II, an open-source Unified Extensible Firmware Interface used by various hardware ...
Ars Technica

Microsoft patches Windows to eliminate Secure Boot bypass threat

For the past seven months—and likely longer—an industry-wide standard that protects Windows devices from firmware infections could be bypassed using a simple technique. On Tuesday, Microsoft finally ...
Bleeping Computer

LogoFAIL attack can install UEFI bootkits through bootup logos

Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the ...
WeLiveSecurity

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI ...
Bleeping Computer

FinFisher malware hijacks Windows Boot Manager with UEFI bootkit

Commercially developed FinFisher malware now can infect Windows devices using a UEFI bootkit that it injects in the Windows Boot Manager. FinFisher (also known as FinSpy and Wingbird) is a ...
CSOonline

MoonBounce UEFI implant used by spy group brings firmware security into spotlight

Researchers uncovered a stealthy UEFI rootkit that’s being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties. The group is known for using ...
Neowin

ESET found Lenovo IdeaPad, Legion and more laptops had vulnerable UEFI, security patches out

A security researcher at ESET, Martin Smolár, discovered three new security vulnerabilities in Lenovo laptops which can lead to local privilege escalation (LPE) attacks. The flaws impact several ...
TechSpot

Researchers disclose Windows "downgrade" attack as Microsoft provides a mitigation method

In a nutshell: Researchers have developed a cyberattack that reverses Windows security updates to exploit previously patched vulnerabilities. Although they cannot deploy the malware remotely, users ...
WeLiveSecurity

Bootkitty: Analyzing the first UEFI bootkit for Linux

UPDATE (December 2 nd, 2024): The bootkit described in this report seems to be part of a project created by cybersecurity students participating in Korea's Best of the Best (BoB) training program. As ...
CSOonline

New exploits can bypass Secure Boot and modern UEFI security protections

Two research groups demonstrate PC firmware vulnerabilities that are difficult to mitigate and likely to be exploited in the wild. Two teams of researchers have revealed vulnerabilities this week in ...