‘Bootkitty’ First Bootloader to Take Aim at Linux

December 2, 2024 at 05:34PM Researchers have discovered “Bootkitty,” a proof-of-concept UEFI bootkit for Linux, developed by Korean students for cybersecurity training. Although still unfinished, it exploits vulnerabilities allowing it to bypass Secure Boot. This notable malware indicates a shift in bootkit attacks targeting Linux systems, previously dominated by Windows-focused malware. Meeting Takeaways: 1. …

Researchers discover first UEFI bootkit malware for Linux

November 27, 2024 at 12:43PM A new UEFI bootkit designed to target Linux systems has been identified, indicating a significant change in the landscape of stealthy and difficult-to-remove bootkit threats, which have primarily been aimed at Windows platforms until now. Meeting Takeaways: – A new UEFI bootkit has been identified that specifically targets Linux systems. …

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

June 20, 2024 at 10:58AM Cybersecurity researchers have disclosed a now-patched security flaw in Phoenix SecureCore UEFI firmware affecting multiple Intel Core processor families. Tracked as CVE-2024-0762 with a CVSS score of 7.5, the “UEFIcanhazbufferoverflow” vulnerability allowed a local attacker to execute malicious code within the firmware, impacting devices using Phoenix SecureCore firmware on select …

Critical flaw in Shim bootloader impacts major Linux distros

February 7, 2024 at 10:57AM A critical vulnerability in the Shim Linux bootloader allows attackers to execute code and take control of a system before the kernel loads, bypassing existing security measures. The flaw, known as CVE-2023-40547, was identified by Microsoft’s Bill Demirkapi. It can be exploited through various attack points and affects Linux distributions …

BreachForums admin ‘Pompourin’ sentenced to 20 years of supervised release

January 21, 2024 at 09:37PM “Pompourin,” former admin of BreachForums, sentenced to 20 years supervised release after pleading guilty to running a site facilitating sales of stolen data, hacking tools, and illegal materials. New UEFI vulnerabilities, PixieFail, impact network booting, involving several vendors. Also critical Chrome and Ivanti Endpoint Manager Mobile vulnerabilities. Researchers discover iOS …

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

January 18, 2024 at 05:03AM Multiple security vulnerabilities in the TCP/IP network protocol stack of an open-source UEFI firmware are collectively dubbed PixieFail. These issues could be exploited to achieve remote code execution, denial-of-service, DNS cache poisoning, and leakage of sensitive information. Various firms’ UEFI firmware are impacted, and the CERT Coordination Center provided advisory …

PixieFail flaws impact PXE network boot in enterprise systems

January 16, 2024 at 12:19PM A set of nine vulnerabilities, named ‘PixieFail,’ impact Tianocore’s EDK II, an open-source implementation of the UEFI spec widely used in enterprise computers. The flaws, discovered by Quarkslab, affect the PXE boot process and expose systems to DoS, RCE, network session hijacking, and other attacks. Multiple vendors, including major tech …

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

January 16, 2024 at 09:12AM Quarkslab discovered multiple critical vulnerabilities in the EDK II network stack, posing a risk of remote code execution attacks. These vulnerabilities, known as PixieFAIL, affect the PXE implementation and are utilized by various vendors, including Microsoft. Quarkslab released proof-of-concept code for the vulnerabilities and anticipates the CERT Coordination Center to …

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks

December 4, 2023 at 03:06AM UEFI firmware from various vendors contains high-impact flaws in image parsing libraries, dubbed LogoFAIL by Binarly, which can be exploited to bypass security measures like Secure Boot and deliver persistent malware during boot-up using malicious logo images. The widespread vulnerabilities, affecting many x86 and ARM devices, will be detailed at …