Collaborate Disseminate
Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de-facto open source reference implementation of the UEFI spec.
The post Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation appeared first on … Continue reading Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation
Intel ME, AMT, SMT, V-Pro… All of these acronyms are kind of intimidating, all we know about them is that they are tied to remote control technologies rooted deep in …read more Continue reading Enabling Intel AMT For BIOS-over-WiFi
When there’s a vulnerability in a system library, we install updates, and go on with our lives. When there’s a vulnerability in a Java library, jars get rebuilt, and fixed …read more Continue reading This Week in Security: LogoFail, National DNS Poison, and DNA
LogoFAIL is an UEFI image parser attack allowing hackers to compromise consumer and enterprise devices using malicious logo images.
The post Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images appeared first on SecurityWeek.
Continue reading Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images
I’ve also checked with systemd-analyze pcrs if PCRs are the same at every reboot, and they are.
Only at first reboot I don’t know why the only PCRs that change are 8,9,10 lol(I don’t know why)… but in next reboots they are always the sam… Continue reading Why is my TPM bugged? If I enable checks on PCR 8,9,10, it ALWAYS asks for decryption password even if it shouldn’t [migrated]
In my laptop I’ve set up a bios password when I power on the laptop, and once I enter it the laptop starts my linux distro and decrypts the disk without asking any other password. To do this I’ve set up TPM to automatically decrypts the di… Continue reading Why the TPM PCRs does not consider a UEFI settings change? If someone resets CMOS, it’s undetected
I’ve been dealing with malware infecting all my devices.
I had Ubuntu 22.04 installed on my Dell XPS and Fedora Workstation 38 installed on my new HP Envy.
I noticed my whole Tressor was downloaded to my XPS, so I shredded the m.2 in hopes… Continue reading Is there Malware in my firmware?
As far as I understand, Secure Boot protects system from running code not signed by a specific vendor(s) during early boot stages.
In order to attempt an attack on the bootloader in the first place, an attacker would need either:
Boot fr… Continue reading What does Secure Boot protect against?
The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections.
The post NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections appeared first on SecurityWeek.
Continue reading NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections
I want to upload files somewhere to see exactly what their behaviour is, but I’m not sure how. One of them is an EFI file. Does anyone know some website or method, like on a virtual machine, to check what they do?