Security News
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw. Due to the large number of Intel CPUs using this firmware, the vulnerability has the potential to impact hundreds of models from Lenovo, Dell, Acer, and HP. UEFI firmware is considered more secure as it includes Secure Boot, which is supported by all modern operating systems, including Windows, macOS, and Linux.
Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors....
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the...
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI)...
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image...
Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver malicious payloads that bypass Secure Boot, Intel Boot Guard, AMD Hardware-Validated Boot, and others. Dubbed "LogoFail," we're told the set of vulnerabilities allows attackers to use malicious image files that are loaded by the firmware during the boot phase as a means of quietly delivering payloads such as bootkits.
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Discovering the LogoFAIL vulnerabilities started as a small research project on attack surfaces from image-parsing components in the context of custom or outdated parsing code in UEFI firmware.
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Discovering the LogoFAIL vulnerabilities started as a small research project on attack surfaces from image-parsing components in the context of custom or outdated parsing code in UEFI firmware.
The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise, governments, and the cybersecurity community. BlackLotus is a Windows-targeting UEFI bootkit that bypasses Secure Boot on fully patched Windows 11 installs, evades security software, persists on an infected system, and executes payloads with the highest level of privileges in the operating system.