Some signed third-party bootloaders for the Unified Extensible Firmware Interface (UEFI) could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating ...

Lenovo is warning of high-severity BIOS flaws that could let attackers bypass Secure Boot on all-in-one desktops using customized Insyde UEFI firmware. Devices confirmed to be impacted are IdeaCentre ...

A system can still boot normally while quietly falling into a degraded security state.

A vulnerability in the user of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security mechanisms ...

The vulnerabilities were introduced when Lenovo inadvertently included an early development driver in the commercial versions of their software. Lenovo has released fixes for high-severity bios ...

The functionality of the bootkit and its individual features make ESET Research believe that it is a threat known as BlackLotus, a UEFI bootkit that has been sold on hacking forums for USD$5,000 since ...

A Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus is found to be capable of bypassing an essential platform security feature, UEFI Secure Boot, according to researchers from ...

Why it matters: Secure Boot is a technology designed to protect the PC boot chain and avoid running a tampered operating system. A firmware update released by MSI, however, changed the feature ...