UEFI

Pierluigi Paganini January 18, 2024
PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Experts found multiple flaws, collectively named PixieFail, in the network protocol stack of an open-source reference implementation of the UEFI. Quarkslab researchers discovered nine vulnerabilities, collectively tracked as e PixieFAIL, affecting the IPv6 network protocol stack of EDK II, TianoCore’s open source reference implementation of UEFI. Unified Extensible Firmware Interface (UEFI) is a specification that defines the […]

Pierluigi Paganini July 14, 2023
The source code of the BlackLotus UEFI Bootkit was leaked on GitHub

The source code for the BlackLotus UEFI bootkit has been published on GitHub and experts warn of the risks of proliferation of custom versions. Researchers from ESET discovered in March a new stealthy Unified Extensible Firmware Interface (UEFI) bootkit, named BlackLotus, that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the […]

Pierluigi Paganini March 01, 2023
BlackLotus is the first bootkit bypassing UEFI Secure Boot on Windows 11

ESET discovered a stealthy Unified Extensible Firmware Interface (UEFI) bootkit dubbed BlackLotus that is able to bypass the Secure Boot on Windows 11. Researchers from ESET discovered a new stealthy Unified Extensible Firmware Interface (UEFI) bootkit, named BlackLotus, that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the […]

Pierluigi Paganini November 28, 2022
A flaw in some Acer laptops can be used to bypass security features

ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot. ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops, the issue can allow an attacker to deactivate UEFI Secure Boot. The experts explained that the flaw, tracked as […]

Pierluigi Paganini November 10, 2022
Lenovo warns of flaws that can be used to bypass security features

Lenovo fixed two high-severity flaws impacting various laptop models that could allow an attacker to deactivate UEFI Secure Boot. Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models. An attacker can exploit the flaws to disable UEFI Secure Boot. Secure Boot is a security feature […]

Pierluigi Paganini April 19, 2022
ESET warns of three flaws that affect over 100 Lenovo notebook models

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. Lenovo has published a security advisory to warn customers of vulnerabilities that affect its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its notebook models, including IdeaPad 3, Legion 5 Pro-16ACH6 H, and Yoga […]

Pierluigi Paganini March 09, 2022
HP addressed 16 UEFI firmware flaws impacting laptops, desktops, PoS systems

Researchers disclosed 16 high-severity flaws in different implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. Researchers from cybersecurity firm Binarly discovered 16 high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. An attacker can exploit these vulnerabilities to implant a firmware that survives […]

Pierluigi Paganini February 02, 2022
Experts found 23 flaws in UEFI firmware potentially impact millions of devices

Researchers discovered tens of vulnerabilities in UEFI firmware code used by the major device manufacturers. Researchers at firmware security company Binarly have discovered 23 vulnerabilities in UEFI firmware code used by the major device makers. The vulnerabilities could impact millions of enterprise devices, including laptops, servers, routers, and industrial control systems (ICS). All these vulnerabilities […]

Pierluigi Paganini September 29, 2021
Experts observed for the first time FinFisher infections involving usage of a UEFI bootkit

Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI bootloader to infect Windows machines. Malware researchers at Kaspersky have spotted a new improvement of the infamous commercial FinSpy surveillance spyware (also known as Wingbird), it can now hijack and replace the Windows UEFI (Unified […]

Pierluigi Paganini October 05, 2020
Second-ever UEFI rootkit used in North Korea-themed attacks

A China-linked threat actor used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea. Researchers from Kaspersky have spotted a UEFI malware that was involved in attacks on organizations with an interest in North Korea. The experts were investigating several suspicious UEFI firmware images when discovered four […]