logofail – Weekly Geek

Code found online exploits LogoFAIL to install Bootkitty Linux backdoor

Normally, Secure Boot prevents the UEFI from running all subsequent files unless they bear a digital signature certifying those files are trusted by the device maker. The exploit bypasses this protection by injecting shell code stashed in a malicious bitmap image displayed by the UEFI during the boot-up process. The injected code installs a cryptographic key… Read More »

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

Getty Images reader comments 152 Hundreds of Windows and Linux computer models from virtually all hardware makers are vulnerable to a new attack that executes malicious firmware early in the boot-up sequence, a feat that allows infections that are nearly impossible to detect or remove using current defense mechanisms. The attack—dubbed LogoFAIL by the researchers… Read More »