cognitive cybersecurity intelligence

News and Analysis

Search

New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling

UEFI firmware from five major suppliers including Arm Ltd., Insyde, AMI, Phoenix Technologies, and Microsoft has vulnerabilities termed as “PixieFail”. The flaw allows attackers with minimal network access to infect devices with malicious firmware, which can bypass standard protection measures due to running before the main OS loads. The security flaws can be exploited in the PXE or Preboot Execution Environment, and mostly pose threats to public and private data centres. The vulnerabilities were discovered by researchers from security firm Quarkslab.

Source: arstechnica.com –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts

A National Imperative – Cyber Resiliency

Cybersecurity expert Andrea E. Davis emphasizes the increasing vulnerability of critical infrastructure to cyber threats, highlighting instances such as the 2003 US and Canada power