New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft's "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new

Posted from: Click here for the full article.

留言

發佈留言

此網誌的熱門文章

New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a Posted from: Click here for the full article .
閱讀更多

Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light. "Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days," Posted from: Click here for the full article .
閱讀更多

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. "The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT’s typical delivery mechanism by leveraging OLE (Object Posted from: Click here for the full article .
閱讀更多