article thumbnail

BlackLotus is the first bootkit bypassing UEFI Secure Boot on Windows 11

Security Affairs

ESET discovered a stealthy Unified Extensible Firmware Interface (UEFI) bootkit dubbed BlackLotus that is able to bypass the Secure Boot on Windows 11. Researchers from ESET discovered a new stealthy Unified Extensible Firmware Interface ( UEFI ) bootkit, named BlackLotus , that is able to bypass Secure Boot on Windows 11.

article thumbnail

The source code of the BlackLotus UEFI Bootkit was leaked on GitHub

Security Affairs

Researchers from ESET discovered in March a new stealthy Unified Extensible Firmware Interface ( UEFI ) bootkit, named BlackLotus , that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

January 11, 2024 Smart Thermostat from Bosch Puts Offices in Danger Type of vulnerability: Malicious commands sent from an attacker to the thermostat, including potentially replacing firmware with rogue code. According to Bitdefender, the thermostat does not validate the authenticity of a new firmware update.

Firewall 105
article thumbnail

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

While security suites and platforms will scan computers, servers, and network switches all day long, not all of them are designed to handle things like fridges and thermostats. And IoT devices often don’t have the firmware to install antivirus software or other protective tools.

Hacking 125
article thumbnail

Vulnerability Recap 6/18/24 – Patch Tuesday, Plus More Ivanti Issues

eSecurity Planet

This could allow them to make changes within the device’s firmware. The fix: Upgrade your Pixel device to the most recent security update. The problem: Hardware vendor ASUS released a security notice and firmware update for seven of its routers.

Firmware 103
article thumbnail

Vulnerability Recap 9/9/24 – Exploited Vulnerabilities Persist

eSecurity Planet

” To reduce risks, replace unsupported equipment, apply available firmware updates, and keep an accurate IT asset inventory. The fix: Zyxel has published security upgrades , and end users must immediately upgrade impacted devices to the most recent firmware releases. All impacted models must be updated to version 7.00

Firmware 100
article thumbnail

Vulnerability Recap 6/24/24 – Patch Highlights Across Platforms

eSecurity Planet

Cybersecurity researchers discovered a buffer overflow flaw in Intel Core processor firmware causing Phoenix Technology to release patches. To minimize future vulnerabilities, concerned users should prioritize frequent upgrades and strong security practices for all systems and applications.