UEFI Archives

Malware & Threats

Prototype UEFI Bootkit is South Korean University Project; LogoFAIL Exploit Discovered

The 'Bootkitty' prototype UEFI bootkit contains an exploit for LogoFAIL and was created in a South Korea university program.

Ryan NaraineDecember 2, 2024

Supply Chain Security

ESET Flags Prototype UEFI Bootkit Targeting Linux

ESET warns of a new reality: “UEFI bootkits are no longer confined to Windows systems alone.”

Ryan NaraineNovember 27, 2024

Vulnerabilities

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models

A vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits.

Eduard KovacsJuly 26, 2024

Endpoint Security

Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

Eduard KovacsJune 20, 2024

Network Security

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de-facto open source reference implementation of the UEFI spec.

Ryan NaraineJanuary 16, 2024

Endpoint Security

Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images

LogoFAIL is an UEFI image parser attack allowing hackers to compromise consumer and enterprise devices using malicious logo images.

Eduard KovacsDecember 6, 2023

Malware & Threats

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections

The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections.

Ionut ArghireJune 23, 2023

SECURITYWEEK NETWORK:

ICS:

All posts tagged "UEFI"

Malware & Threats

Prototype UEFI Bootkit is South Korean University Project; LogoFAIL Exploit Discovered

Supply Chain Security

ESET Flags Prototype UEFI Bootkit Targeting Linux

Vulnerabilities

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models

Endpoint Security

Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability

Network Security

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

Endpoint Security

Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images

Malware & Threats

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections

Featured

Artificial Intelligence

The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools

Vulnerabilities

Fresh Windows NTLM Vulnerability Exploited in Attacks

Vulnerabilities

SonicWall Flags Old Vulnerability as Actively Exploited

Malware & Threats

Apple Quashes Two Zero-Days With iOS, MacOS Patches

Government

MITRE CVE Program Gets Last-Hour Funding Reprieve

Nation-State

China Pursuing 3 Alleged US Operatives Over Cyberattacks During Asian Games

Data Breaches

Hertz Discloses Data Breach Linked to Cleo Hack

Latest News

Cybercrime

In Other News: 4chan Hacked, Android Auto-Reboot, Nemesis Admin Charged

Cybersecurity Funding

Cy4Data Labs Raises $10 Million to Secure Data in Use

Data Breaches

Events Giant Legends International Hacked

Data Breaches

Ahold Delhaize Confirms Data Stolen in Ransomware Attack

Vulnerabilities

Fresh Windows NTLM Vulnerability Exploited in Attacks

Cybercrime

Man Helped Individuals in China Get Jobs Involving Sensitive US Government Projects

Security Architecture

Demystifying Security Posture Management

Daily Briefing Newsletter