For the past seven months—and likely longer—an industry-wide standard that protects Windows devices from firmware infections could be bypassed using a simple technique. On Tuesday, Microsoft finally patched the vulnerability. The status of Linux systems is still unclear. Tracked as CVE-2024-7344, the vulnerability made it possible for attackers who had already gained privileged access to… Read More »
In 2012, an industry-wide coalition of hardware and software makers adopted Secure Boot to protect Windows devices against the threat of malware that could infect the BIOS and, later, its Successor the UEFI, the firmware that loaded the operating system each time a computer booted up. Firmware-dwelling malware raises the specter of malware that infects… Read More »
Getty Images reader comments 152 Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms. The attack—dubbed LogoFAIL by the researchers… Read More »
Getty Images reader comments 32 with If your organization uses servers that are equipped with baseboard management controllers from Supermicro, it may be time, once again, to patch seven high-severity vulnerabilities that attackers could exploit to gain control of them. And sorry, but the fixes must be installed manually. Typically abbreviated as BMCs, baseboard management… Read More »
Getty Images reader comments 36 with Hackers backed by the Chinese government are planting malware into routers that provides long-lasting and undetectable backdoor access to the networks of multinational companies in the US and Japan, governments in both countries said Wednesday. The hacking group, tracked under names including BlackTech, Palmerworm, Temp.Overboard, Circuit Panda, and Radio… Read More »
BeeBright/Getty Images reader comments 94 with Hiding malicious programs in a computer’s UEFI firmware, the deep-seated code that tells a PC how to load its operating system, has become an insidious trick in the toolkit of stealthy hackers. But when a motherboard manufacturer installs its own hidden backdoor in the firmware of millions of computers—and… Read More »
Enlarge (credit: Lenovo) For owners of more than 70 Lenovo laptop models, it’s time once again to patch the UEFI firmware against critical vulnerabilities that attackers can exploit to install malware that’s nearly impossible to detect or remove. The laptop maker on Tuesday released updates for three vulnerabilities that researchers found in the UEFI firmware… Read More »
Classen et al. reader comments 57 with 41 posters participating, including story author Share this story When you turn off an iPhone, it doesn’t fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use… Read More »
Enlarge / This is the 14-inch variant of the Yoga Slim 9i, with leather finish. reader comments 72 with 52 posters participating Share this story Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be… Read More »
Enlarge / Dell has released a patch for a set of vulnerabilities that left as many as 30 million devices exposed. Artur Widak | Getty Images reader comments 15 with 13 posters participating Share this story Researchers have known for years about security issues with the foundational computer code known as firmware. It’s often riddled… Read More »