Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack.
Researchers at firmware supply chain security platform company Binarly discovered a set of security vulnerabilities that open almost all Windows and Linux computers up to attack.
The security researchers named the attack LogoFAIL because of its origins in image parsing libraries.
Binarly announced its discovery on Nov. 29 and held a coordinated mass disclosure at the Black Hat Security Conference in London on Dec. 6.
Any x86 or ARM-based device using the Unified Extensible Firmware Interfaces firmware ecosystem could potentially be open to the LogoFAIL attack.
Binarly is still investigating whether additional manufacturers are affected.
LogoFAIL is particularly dangerous because it can be remotely executed in ways many endpoint security products can't detect.
LogoFAIL is a series of vulnerabilities whereby the graphic image parsers in system firmware can use customized versions of image parsing libraries.
Essentially, an attacker can replace an image or logo that appears while the device boots up and gain access to the operating system and memory from there.
Put simply, attackers could embed malicious code into logos that appear during the Driver Execution Environment stage in the boot process, such as the device manufacturer's logo.
From there, attackers can access and control the device's memory and disk.
Figure B. Binarly showed they could load executable code onto the hard drive before the device had fully booted up.
ArsTechnica recommends running UEFI defenses such as Secure Boot, Intel Boot Guard, Intel BIOS Guard or their equivalents for AMD or ARM CPUs.
Artificial Intelligence 7 Best AI Art Generators of 2023 This is a comprehensive list of the best AI art generators.
Payroll The Best Cheap Payroll Services Find the perfect payroll service for your business without breaking the bank.
Project Management 10 Best Free Project Management Software & Tools for 2023 Free project management software provides flexibility for managing projects without paying a cent.
Check out our list of the top free project management tools.
Cloud Cloud Strategies Are Facing a New Era of Strain in Australia, New Zealand Australian and New Zealand enterprises in the public cloud are facing pressure to optimize cloud strategies due to a growth in usage and expected future demand, including for artificial intelligence use cases.
AGI is regarded as very powerful since it can autonomously solve a wide variety of cognitive tasks, as opposed to weak or narrow AI systems that carry out only particular or specialized .... TechRepublic Premium Hiring Kit: Blockchain Engineer Moving well-beyond its cryptocurrency roots, blockchain technology has quickly become a sought-after component of application development in the modern business enterprise.
This hiring kit from TechRepublic Premium provides a workable framework you can use .... TechRepublic Premium Generative AI Policy Generative AI represents a significant development in the field of artificial intelligence, offering a wide range of capabilities and potential benefits.
This Cyber News was published on www.techrepublic.com. Publication date: Thu, 07 Dec 2023 22:13:04 +0000