ESET Research discovers vulnerabilities in Lenovo consumer laptops exposing users to risk of UEFI malware installation
Exploitation of these vulnerabilities would allow attackers to deploy and successfully execute UEFI malware such as LoJax and ESPecter. UEFI threats can be extremely stealthy and dangerous. Discovered vulnerabilities: CVE-2021-3970, CVE-2021-3971, CVE-2021-3972. ESET Research strongly advises all owners of Lenovo consumer laptops to go through the list of affected devices and update their firmware. …

ESET Research discovers ESPecter, a bootkit for cyberespionage
ESET researchers have discovered a previously undocumented real-world UEFI bootkit that persists on the EFI System Partition (ESP). The bootkit, which ESET has named ESPecter, can bypass Windows Driver Signature Enforcement to load its own unsigned driver, which facilitates its espionage activities. ESPecter is the second discovery of a UEFI bootkit persisting on the ESP …

Needles in a haystack: Picking unwanted UEFI components out of millions of samples
ESET experts describe how they trained a machine-learning model to recognize a handful of unwanted UEFI components within a flood of millions of harmless samples. UEFI (Unified Extensible Firmware Interface) security has been a hot topic for the past few years, but, due to various limitations, very little UEFI-based malware has been found in the …

What is an UEFI attack and how can it affect your computer?
Did you know the world saw the first known attack on UEFI last year? Find out more about what it means for your business. Everyone is familiar with the concept that attackers can launch malicious attacks through email, Windows or other software that runs on our laptops; but how can the device itself be a …

A journey to Zebrocy land
ESET sheds light on commands used by the favorite backdoor of the Sednit group. What happens when a victim is compromised by a backdoor and the operator is controlling it? It’s a difficult question that is not possible to answer entirely by reverse engineering the code. In this article we will analyze commands sent by …