All articles tagged with #firmware security
Cybersecurity researchers disclosed two medium-severity vulnerabilities in Supermicro BMC firmware that allow attackers to bypass verification processes and update systems with malicious images, potentially compromising server security and control.
Multiple vulnerabilities in the Unified Extensible Firmware Interface (UEFI) code, collectively known as LogoFAIL, have been discovered, allowing threat actors to deliver malicious payloads and bypass security technologies. By injecting a malicious logo image file into the EFI system partition, attackers can bypass security solutions and deliver persistent malware during the boot phase. The vulnerabilities affect both x86 and ARM-based devices and major independent firmware/BIOS vendors (IBVs) like AMI, Insyde, and Phoenix, impacting a wide range of consumer and enterprise-grade devices. These flaws highlight the need for improved code quality and product security maturity in IBVs reference code.
Private code signing keys of Taiwanese PC maker MSI have been leaked on the dark web by the threat actors behind the ransomware attack on the company last month. The leaked data includes firmware image signing keys associated with 57 PCs and private signing keys for Intel Boot Guard used on 116 MSI products, which could impact several device vendors, including Intel, Lenovo, and Supermicro. The leak poses significant risks as threat actors could use them to sign malicious updates and other payloads and deploy them on targeted systems without raising any red flags.