Showing only posts tagged uefi. Show all posts.

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor

Source

Researchers have discovered malicious code circulating in the wild that hijacks the earliest stage boot process of Linux devices by exploiting a year-old firmware vulnerability when it remains unpatched on affected models. The critical vulnerability is one of a constellation of exploitable flaws discovered last year and given the …

Secure Boot-neutering PKfail debacle is more prevalent than anyone knew

Source

Enlarge (credit: Getty Images) A supply chain failure that compromises Secure Boot protections on computing devices from across the device-making industry extends to a much larger number of models than previously known, including those used in ATMs, point-of-sale terminals, and voting machines. The debacle was the result of non-production …

Secure Boot is completely broken on 200+ models from 5 big device makers

Source

Enlarge (credit: sasha85ru | Getty Imates) In 2012, an industry-wide coalition of hardware and software makers adopted Secure Boot to protect against a long-looming security threat. The threat was the specter of malware that could infect the BIOS, the firmware that loaded the operating system each time a computer booted …

Critical vulnerability affecting most Linux distros allows for bootkits

Source

Enlarge Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the installation of malware that runs at the firmware level, giving infections access to the deepest parts of a device where they’re hard to detect or remove. The vulnerability resides in …

New UEFI vulnerabilities send firmware devs industry wide scrambling

Source

Enlarge (credit: Nadezhda Kozhedub) UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user's network to infect connected devices with malware that runs at the firmware level. The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered …

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

Source

Enlarge (credit: Getty Images) Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms. The …

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

Source

Enlarge (credit: Aurich Lawson | Getty Images) Researchers on Wednesday announced a major cybersecurity find—the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows. Dubbed …

Vulnerabilities allowing permanent infections affect 70 Lenovo laptop models

Source

Enlarge (credit: Lenovo) For owners of more than 70 Lenovo laptop models, it’s time once again to patch the UEFI firmware against critical vulnerabilities that attackers can exploit to install malware that’s nearly impossible to detect or remove. The laptop maker on Tuesday released updates for three …

Vulnerabilities that could allow undectable infections affect 70 Lenovo laptop models

Source

Enlarge (credit: Lenovo) For owners of more than 70 Lenovo laptop models, it’s time once again to patch the UEFI firmware against critical vulnerabilities that attackers can exploit to install malware that can be nearly impossible to detect or remove. The laptop maker on Tuesday released updates for …