CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely Read More …

UEFI firmware vulnerabilities affect at least 25 computer vendors

Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. UEFI (Unified Extensible Firmware Interface) software Read More …

Supermicro, Pulse Secure release fixes for ‘TrickBoot’ attacks

Supermicro and Pulse Secure have released advisories warning that some of their motherboards are vulnerable to the TrickBot malware’s UEFI firmware-infecting module, known as TrickBoot. Last year, cybersecurity firms Advanced Intelligence and Eclypsium released a joint report about a new Read More …

TrickBot’s new module aims to infect your UEFI firmware

The developers of TrickBot have created a new module that probes for UEFI vulnerabilities, demonstrating the actor’s effort to take attacks at a level that would give them ultimate control over infected machines. With access to UEFI firmware, a threat Read More …

LoJax rootkit used by Russian-linked Fancy Bear has been silently active since 2016

Researchers have discovered that LoJax, the malware that formed the foundation for devastating Fancy Bear attacks in 2018, has been silently active for years. Use of this infrastructure by the Russian-linked hacking group was exposed in September 2018, just a Read More …

First-Ever UEFI Rootkit Tied to Sednit APT

Researchers hunting cyber-espionage group Sednit (an APT also known as Sofacy, Fancy Bear and APT28) say they have discovered the first-ever instance of a rootkit targeting the Windows Unified Extensible Firmware Interface (UEFI) in successful attacks. The discussion of Sednit was part of the 35C3 Read More …

Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild

Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe. Dubbed LoJax, the UEFI Read More …