Dark Reading

Trusted Apps Sneak a Bug Into the UEFI Boot Process

A vulnerability in trusted system recovery programs could allow privileged attackers to inject malware directly into the system startup process in Unified Extensible Firmware Interface (UEFI) devices.
ZDNet

Hands-On: Linux UEFI multi-boot, part two

I'm going to start this post by saying something that a lot of people will find surprising. There are a lot of things that I like about UEFI firmware and the UEFI boot process. I think it is an ...
Bleeping Computer

New UEFI Secure Boot flaw exposes systems to bootkits, patch now

A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. The ...
WeLiveSecurity

UEFI threats moving to the ESP: Introducing ESPecter bootkit

ESET researchers have analyzed a previously undocumented, real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which we’ve named ESPecter, can bypass Windows Driver ...
SDxCentral

VU#455367: Insecure Platform Key (PK) used in UEFI system firmware signature

A vulnerability in the user of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security mechanisms ...