UEFI vulnerabilities Archives

An open padlock on a PC keyboard, with the word “FAIL” superimposed

PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’

Richi Jennings | July 26, 2024 | Binarly, BIOS, BIOS update, Certificate and Key Management, hardware supply chain, key management, Key Management Problem, PKfail, Private Key Management, SB Blogwatch, secure boot, UEFI, UEFI Failing, UEFI firmware, UEFI vulnerabilities, Unified Extensible Firmware Interface (UEFI)

Big BIOS bother: Hundreds of PC models from vendors such as HP, Lenovo, Dell, Intel, Acer and Gigabyte shipped with useless boot protection—using private keys that aren’t private ...

Security Boulevard

A penguin, running towards us, beak wide open and screaming

Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi

Richi Jennings | February 8, 2024 | BIOS, CVE-2023-40547, Enterprise Linux and Open Source, Linux, open source, Open Source and Software Supply Chain Risks, open source code, Open Source Community, open source components, open source development, Open Source Ecosystem, SB Blogwatch, secure boot, shim, UEFI, UEFI Failing, UEFI vulnerabilities

Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault ...

Security Boulevard

PixieFail Bugs in UEFI Open Source Implementation Threaten Computers

Jeffrey Burt | January 18, 2024 | denial of service attacks, Remote Code Execution (RCE), UEFI vulnerabilities

A collection of security vulnerabilities found within the de facto open source implementation of the UEFI specification could expose systems to a range of threats, from remote code execution (RCE) and denial-of-service ...

Security Boulevard

LogoFAIL Attack: A Deep Dive into UEFI Vulnerabilities

Rohan Timalsina | December 12, 2023 | Binarly, Cyber Threats, Cybersecurity Alert, cybersecurity defense strategies, Cybersecurity Weaknesses, enterprise security, firmware bootkits, Intel CPU Vulnerability, Linux & Open Source News, LogoFAIL, LogoFAIL Attack, security vulnerabilites, UEFI vulnerabilities

A new threat has emerged, sending shockwaves through the cybersecurity industry – the LogoFAIL attack. This vulnerability targets the image-parsing components within the UEFI code, affecting a multitude of devices and posing ...

TuxCare