Tag: BlackLotus

ESET Research discovers UEFI Secure Boot bypass vulnerability

January 16, 2025

ESET researchers have discovered a vulnerability, affecting the majority of UEFI-based systems, that allows actors to bypass UEFI Secure Boot. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party UEFI certificate. Exploitation of this vulnerability can lead to the execution of untrusted code during system … More ESET Research discovers UEFI Secure Boot bypass vulnerability

ESET Research Podcast: Finding the mythical BlackLotus bootkit

July 12, 2023

A story of how analysis of a supposed game cheat turned into a discovery of a powerful UEFI threat. Towards the end of 2022 an unknown threat actor boasted on an underground forum that they’d created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could bypass UEFI Secure Boot – a … More ESET Research Podcast: Finding the mythical BlackLotus bootkit

What does $5,000 buy you on a hacking forum?

March 6, 2023

For a mere $5,000, you can buy a UEFI bootkit called BlackLotus that can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled. This week, ESET researchers published their analysis of BlackLotus that caused them to conclude that the bootkit they had discovered in the wild is indeed the BlackLotus bootkit … More What does $5,000 buy you on a hacking forum?

ESET Research analyzes BlackLotus: A UEFI bootkit that can bypass UEFI Secure Boot on fully patched systems

March 1, 2023

ESET researchers are the first to publish an analysis of BlackLotus, the first in-the-wild UEFI bootkit that is capable of bypassing an essential platform security feature — UEFI Secure Boot. ESET researchers are the first to publish an analysis of a UEFI bootkit that is capable of bypassing an essential platform security feature – UEFI … More ESET Research analyzes BlackLotus: A UEFI bootkit that can bypass UEFI Secure Boot on fully patched systems