Security News
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the...
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI)...
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image...
Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver malicious payloads that bypass Secure Boot, Intel Boot Guard, AMD Hardware-Validated Boot, and others. Dubbed "LogoFail," we're told the set of vulnerabilities allows attackers to use malicious image files that are loaded by the firmware during the boot phase as a means of quietly delivering payloads such as bootkits.
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Discovering the LogoFAIL vulnerabilities started as a small research project on attack surfaces from image-parsing components in the context of custom or outdated parsing code in UEFI firmware.
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Discovering the LogoFAIL vulnerabilities started as a small research project on attack surfaces from image-parsing components in the context of custom or outdated parsing code in UEFI firmware.
The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise, governments, and the cybersecurity community. BlackLotus is a Windows-targeting UEFI bootkit that bypasses Secure Boot on fully patched Windows 11 installs, evades security software, persists on an infected system, and executes payloads with the highest level of privileges in the operating system.
The U.S. National Security Agency released today guidance on how to defend against BlackLotus UEFI bootkit malware attacks. In May, Microsoft released security updates to address a Secure Boot zero-day vulnerability that was used to bypass patches released for CVE-2022-21894, the Secure Boot bug initially abused in BlackLotus attacks last year.
Microsoft has released security updates to address a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware to infect fully patched Windows systems. According to a Microsoft Security Response Center blog post, the security flaw was used to bypass patches released for CVE-2022-21894, another Secure Boot bug abused in BlackLotus attacks last year.
Microsoft has shared guidance to help organizations check if hackers targeted or compromised machines with the BlackLotus UEFI bootkit by exploiting the CVE-2022-21894 vulnerability. Analyzing devices compromised with BlackLotus, the Microsoft Incident Response team identified several points in the malware installation and execution process that allow its detection.