Computerworld

Malicious firmware designed into PC components may be next front in cyberwar

One of the top honchos in Homeland Security admitted to Congress something everyone who has ever done time in IT support knows: Gadgets other employees bring in from home are trouble. Some come with a ...
Computer Weekly

MoonBounce firmware bootkit shows advances in malicious implants

A new firmware bootkit discovered in the wild shows dramatic improvements over previous such tools, according to the Kaspersky researchers who uncovered it. Dubbed MoonBounce, this malicious implant ...
CSOonline

MoonBounce UEFI implant used by spy group brings firmware security into spotlight

Researchers uncovered a stealthy UEFI rootkit that’s being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties. The group is known for using ...
Bleeping Computer

New MoonBounce UEFI malware used by APT41 in targeted attacks

Security analysts have discovered and linked MoonBounce, "the most advanced" UEFI firmware implant found in the wild so far, to the Chinese-speaking APT41 hacker group (also known as Winnti). APT41 is ...
Bleeping Computer

Windows, Linux Devices at Risk Due to Unsigned Peripheral Firmware

Researchers have discovered multiple instances of unsigned firmware in computer peripherals that can be used by malicious actors to attack laptops and servers running Windows and Linux. The Eclypsium ...
CSOonline

Secure Boot no more? Leaked key, faulty practices put 900 PC/server models in jeopardy

PKfail: An AMI Platform Key discovered on GitHub led researchers to uncover test keys in firmware images from major PC and server vendors, something hackers could exploit if leaked to gain kernel ...
ZDNet

Gigabyte and Lenovo servers impacted by common BMC firmware flaws

Affected products used a firmware component named MergePoint EMS, made and supplied by Avocent, a software provider now a wholly-owned subsidiary of data center equipment and service provider Vertiv.