GIGAZINE

'PixieFail' UEFI firmware vulnerability allows attackers in the network to infect devices with malware, a big problem for clouds and data centers

A total of nine vulnerabilities were discovered in TianoCore EDK II, Intel's UEFI reference implementation. The series of vulnerabilities, collectively named ``PixieFail,'' are said to allow an ...
Make Tech Easier

Your Windows Secure Boot Certificates are Expiring Soon: Here’s How to Update to the Latest

Microsoft is taking its time with the boot certificate rollout, but you don't have to. Activate the latest UEFI CA 2023 right now.
WeLiveSecurity

Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344

ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI ...
CRN

Lenovo Resolves UEFI Firmware Issues That Could Turn Off Secure Boot

The vulnerabilities were introduced when Lenovo inadvertently included an early development driver in the commercial versions of their software. Lenovo has released fixes for high-severity bios ...
Bleeping Computer

BlackLotus bootkit bypasses UEFI Secure Boot on patched Windows 11

The developers of the BlackLotus UEFI bootkit have improved the malware with Secure Boot bypass capabilities that allow it to infect even fully patched Windows 11 systems. BlackLotus is the first ...
Hackaday

Linux Fu: UEFI Booting

Unless your computer is pretty old, it probably uses UEFI (Unified Extensible Firmware Interface) to boot. The idea is that a bootloader picks up files from an EFI partition and uses them to start ...
Bleeping Computer

BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

Update added below about this bootkit being created by students in Korea's Best of the Best (BoB) cybersecurity training program. The recently uncovered 'Bootkitty' Linux UEFI bootkit exploits the ...