Vulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot.
The post Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices appeared first on SecurityWeek.
PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models
A vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits.
The post PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models appeared first on SecurityWeek.
Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability
Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.
The post Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability appeared first on SecurityWeek.
Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation
Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de-facto open source reference implementation of the UEFI spec.
The post Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation appeared first on SecurityWeek.
Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images
LogoFAIL is an UEFI image parser attack allowing hackers to compromise consumer and enterprise devices using malicious logo images.
The post Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images appeared first on SecurityWeek.
NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections
The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections.
The post NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections appeared first on SecurityWeek.