Browsing tag
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as […]
PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. “The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS,” Slovak cybersecurity firm ESET explained in a series […]
Five new security weaknesses have been disclosed in Dell BIOS that, if successfully exploited, could lead to code execution on vulnerable systems, joining the likes of firmware vulnerabilities recently uncovered in Insyde Software’s InsydeH2O and HP Unified Extensible Firmware Interface (UEFI). Tracked as CVE-2022-24415, CVE-2022-24416, CVE-2022-24419, CVE-2022-24420, and CVE-2022-24421, the high-severity vulnerabilities are rated 8.2 […]
Basic BIOS emulator/debugger for Unicorn Engine. Written to debug the XEOS Operating System boot sequence. Usage: Usage: unicorn-bios [OPTIONS] BOOT_IMG Options: –help / -h: Displays help. –memory / -m: The amount of memory to allocate for the virtual machine (in megabytes). Defaults to 64MB, minimum 2MB. –break / -b Breaks on a specific address. […]
Let’s get real. For at least once in our life, we have all gone through the hassle of searching around the web to find the right key to Enter to boot into BIOS (UEFI for all the new folks) settings for us to tinker with. As you may have already found out, Entering BIOS utility or […]
We all are aware of the cyberhacking and phishing that takes place in the digital world. And safeguarding us from petty hacks is always a few clicks away. But what about real-world hacking like literally physically hacking into the hardware. Ever thought about that? A security firm Eclypsium posted a video on Youtube shocking laptop users […]
Recently, Lenovo released security patches for the CVE-2017-3775 high-severity vulnerability in the Secure Boot function on System x servers. Information security researchers commented that standard operator settings disable signature verification, as a result, Server x BIOS / UEFI versions do not authenticate the signed code correctly before starting it. “In Lenovo’s internal tests they found that […]
Intel has addressed vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip’s SPI Flash memory, a mandatory component used during the boot-up process, information security researchers said. According to Lenovo analysts, who recently deployed the Intel fixes, “the configuration of the system firmware device (SPI flash) could […]
When it comes to cyberthreats, we in ESET-LATAM Research often see ransomware, banking trojans (especially in my home country – Brazil), botnets or worms. As a consequence, other types of dangerous malware that run inconspicuously might get less of our attention; as is the case with firmware malware or bootkits. Bootkits run before the OS […]
Short Bytes: Very often curious Windows users search the phrase “What is Last BIOS Time in my Task Manager?” Well, it’s the time taken by your computer’s UEFI firmware to initialize your hardware before the Windows OS starts booting. By paying a close attention to your PC’s boot-up process, one can tweak some UEFI settings […]
Is it a bug or is it a backdoor? Lenovo, and possibly other PC vendors, is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass […]