Coursera Acquires Udemy For $930 Million
Coursera announced on Wednesday that it will acquire rival online learning platform Udemy in an all-stock deal that values the combined company at $2.5 billion, a move that brings together two of the largest U.S.-based players in an industry that has s… Continue reading Coursera Acquires Udemy For $930 Million
Actively exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vu… Continue reading Actively exploited SonicWall zero-day patched (CVE-2025-40602)
What are the correct technical terms for OS-level and application-level management of TLS and cryptographic policy?
When writing technical documentation, I want to accurately describe the different parts of an operating system that manage secure communications, such as TLS protocol versions, cipher suites, and certificate trust.
On modern operating syst… Continue reading What are the correct technical terms for OS-level and application-level management of TLS and cryptographic policy?
AI Picks Outfits With Abandon
Most of us choose our own outfits on a daily basis. [NeuroForge] decided that he’d instead offload this duty to artificial intelligence — perhaps more for the sake of a class …read more Continue reading AI Picks Outfits With Abandon
You can try Google’s new Gemini 3 Flash AI model today for free – it’s even in Search’s AI Mode
Designed to balance speed with power, the new model will bring a boost to many of the AI perks that Gemini users have already come to expect, like vibe coding and multimodality. Continue reading You can try Google’s new Gemini 3 Flash AI model today for free – it’s even in Search’s AI Mode
Google Sues Alleged Chinese Scam Group Behind Massive US Text Message Phishing Ring
Google is suing a Chinese-speaking cybercriminal group it says is responsible for a massive wave of scam text messages sent to Americans this year, according to a legal complaint filed Tuesday. From a report: The group, known as Darcula, sells software… Continue reading Google Sues Alleged Chinese Scam Group Behind Massive US Text Message Phishing Ring
Blockchain company Nomad to repay users under FTC deal after $186M cyberattack
Regulator makes various additional demands over alleged cybersecurity failings In proposing a settlement agreement, the Federal Trade Commission (FTC) says that Illusory Systems must repay users funds lost in a 2022 cyberattack.… Continue reading Blockchain company Nomad to repay users under FTC deal after $186M cyberattack
PwC on securing AI: building trust, compliance and confidence at scale
Buckle up to innovate at speed, says PwC Sponsored Post As AI spreads across the enterprise, so too do the security and compliance risks. Regulations are evolving, risk postures are shifting, and organizations must find a way to innovate responsibly w… Continue reading PwC on securing AI: building trust, compliance and confidence at scale
VU#382314: Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards
Overview
A newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. Although the firmware indicates that DMA protection is active, it fails to correctly initialize the IOMMU. Therefore, a malicious PCIe device with physical access can read or modify system memory before the operating system’s defenses load. This exposes sensitive data and enables pre-boot code injection on affected systems running unpatched firmware.
Description
Modern systems rely on UEFI firmware and the Input–Output Memory Management Unit (IOMMU) to establish a secure foundation before the operating system loads. UEFI initializes hardware and enforces early security policies while the IOMMU restricts peripheral devices from performing unauthorized memory accesses. Together, these components help ensure that direct memory access (DMA)-capable devices cannot tamper with or inspect system memory during the critical pre-boot phase.
A vulnerability discovered in certain UEFI implementations arises from a discrepancy between reported and actual DMA protection. Even though firmware asserts that DMA protections are active, it fails to properly configure and enable the IOMMU during the early hand-off phase in the boot sequence. This gap allows a malicious DMA-capable Peripheral Component Interconnect Express (PCIe) device with physical access to read or modify system memory before operating system-level safeguards are established. As a result, attackers could potentially access sensitive data in memory or influence the initial state of the system, thus undermining the integrity of the boot process.
Vendors whose products are affected have begun releasing firmware updates to correct the IOMMU initialization sequence and properly enforce DMA protections throughout boot. Users and administrators should apply these updates as soon as they become available to ensure their systems are not exposed to this class of pre-boot DMA attacks. In environments where physical access cannot be fully controlled or relied on, prompt patching and adherence to hardware security best practices are especially important. Because the IOMMU also plays a foundational role in isolation and trust delegation in virtualized and cloud environments, this flaw highlights the importance of ensuring correct firmware configuration even on systems not typically used in data centers.
Impact
Improper IOMMU initialization in UEFI firmware on some UEFI-based motherboards from multiple vendors allows a physically present attacker using a DMA-capable PCIe device to bypass early-boot memory protection. The attacker could access or alter system memory via DMA transactions processed before the operating system enables its security controls.
Solution
Users and administrators should apply the latest firmware updates as soon as they become available as these patches correct the IOMMU initialization issue and restore proper DMA protections during early boot. Because multiple vendors are affected and updates are being released on varying timelines, customers should regularly monitor the Vendor Information section for newly published advisories and updated firmware packages. Environments where physical access is difficult to control should prioritize patching promptly to reduce exposure to pre-boot DMA attacks.
Acknowledgements
Thanks to reporter Nick Peterson and Mohamed Al-Sharifi of Riot Games for identifying this issue and working with vendor teams and the Taiwanese CERT to coordinate the response and reach affected product vendors. This document was written by Vijay Sarvepalli.