EUVD-2020-26561

Malware in sbrugna...

EUVD-2020-18811

Malware in sbrugna...

EUVD-2017-18390

Malware in sbrugna...

EUVD-2020-26558

Malware in sbrugna...

EUVD-2021-8843

Malicious code in bioql PyPI...

TencentOS Server 4: edk2 (TSSA-2025:0668)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0668 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

The vulnerability of UEFI (BIOS) microprogramming software in Huawei personal computers allows a hacker to execute arbitrary code.

The vulnerability of UEFI BIOS in Huawei personal computers is related to the execution of operations outside the buffer in SMRAM. Exploiting this vulnerability allows an attacker to execute arbitrary code in System Management Mode SMM...

High-Severity Intel Processor Bug Exposes Encryption Keys

A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content. That’s according to Positive Technologies PT, which found that the vulnerability CVE-2021-0146 is a debugging functionality with...

Insyde InsydeH2O Memory Corruption Vulnerability

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System.Insyde InsydeH2O suffers from a memory corruption vulnerability. InsydeH2O is vulnerable to memory corruptio...

Input validation

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...

CVE-2021-21571

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability using a person-in-the-middle attack which may lead to a denial of service an...

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of the malware’s infrastructure by Microsoft and others. The Windows Unified Extensible...

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence...

Dell Inspiron 7347 BIOS Boot Service Override Vulnerability

Dell Inspiron 7347 BIOS is a system update driver for Dell Dell. Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS boot service override vulnerability that allows an attacker to override the EFIBOOTservice structure to execute arbitrary code in System Management Mode SMM...

Force firmware code to be measured and attested by Secure Launch on Windows 10

You cannot build something great on a weak foundation – and security is no exception. Windows is filled with important security features like Hypervisor-protected code integrity HVCI and Windows Defender Credential Guard that protect users from advanced hardware and firmware attacks. For these...

MBR disk restore to UEFI system fails with "OS disk in backup uses MBR disk" warning

Challenge When attempting to restore a Windows machine using Bare Metal Recovery, the restore displays the warning: OS disk in backup uses MBR disk. This may cause boot issues on UEFI systems Cause The Bare Metal Recovery restore has detected that the system within the selected restore point was...

Missing System x Flash Memory Write Protection Lock Bit - US

Lenovo Security Advisory: LEN-24477 Potential Impact: Denial of service Severity: High Scope of Impact: Lenovo-specific CVE Identifier: CVE-2018-9085 Summary Description: A write protection lock bit was left unset after boot on an older generation of System x server, potentially allowing an...

Intel Active Management Technology MEBx Access Control Bypass - US

Lenovo Security Advisory: LEN-19568 Potential Impact: Remote access and control Severity: Critical Scope of Impact: Industry-wide Summary Description: Intel has issued an advisory for Intel vPro Active Management Technology AMT to all system manufacturers. The Intel AMT default configuration has...

SmmRuntime Escalation of Privilege

Summary: Intel is releasing mitigations for a privilege escalation issue. This issue affects the UEFI BIOS of select Intel Products. The issue identified is a method that enables malicious code to gain access to System Management Mode SMM. Description: A malicious attacker with local administrati...

Hacking Team Spyware preloaded with UEFI BIOS Rootkit to Hide Itself

Last Week someone just hacked the infamous Hacking Team, The Italy-based cyber weapons manufacturer and leaked a huge trove of 400GB internal data, including: Emails Hacking tools Zero-day exploits Surveillance tools Source code for Spyware A spreadsheet listing every government client with date ...