Pierluigi Paganini December 03, 2020
TrickBoot feature allows TrickBot bot to run UEFI attacks

TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature. The infamous TrickBot gets a new improvement, authors added a new feature dubbed “TrickBoot” designed to exploit well-known vulnerabilities in the UEFI/BIOS firmware and inject malicious code, such as bootkits. The TrickBoot functionality was documented […]

Pierluigi Paganini July 04, 2016
ThinkPwn UEFI Zero-Day flaw allows hackers to disable security features

The researcher Dmytro Oleksiuk published details of ThinkPwn flaw, a UEFI zero-day that could be exploited by hackers to disable security features. Once again the IT giant Lenovo is in the headlines, some products of the company and some others from other PC vendors, are affected by a UEFI vulnerability, dubbed ThinkPwn, that can be exploited […]

Pierluigi Paganini January 31, 2016
Now VirusTotal can scan your firmware image for bad executables

VirusTotal presented a new malware scanning engine that allows users to analyze their firmware images searching for malicious codes. VirusTotal has recently announced the launch of a new malware scanning service for firmware images. The intent is to allow users to identify malicious firmware images. Threat actors could exploit vulnerabilities in firmware to hack systems […]

Pierluigi Paganini June 02, 2014
A new way to bypass Secure Boot security mechanism of UEFI

Security Experts discovered a new attack method to defeat Secure Boot security mechanism of the UEFI (Unified Extensible Firmware Interface). The Secure Boot security mechanism of the UEFI (Unified Extensible Firmware Interface) can be circumvented on around half of PCs that use it, security researcher Corey Kallenberg from nonprofit research organization Mitre has demonstrated it at […]

Pierluigi Paganini February 13, 2014
FAQ on Absolute Computrace case – Security Vulnerability Claims

Kaspersky confirms hidden threat in BIOSes PC and warns that Absolute Computrace Anti-Theft agent can be remotely hijacked.Absolute Software refuses claims. After the case raised by Kaspersky team on the Computrace agent I tried to contact Absolute software received the following official reply on the results of the investigation. Background On Wednesday, February 12th, Kaspersky Lab […]

Pierluigi Paganini February 13, 2014
Millions computers running Computrace agent can be remotely hijacked

Experts at Kaspersky confirm hidden threat in BIOSes of Popular Laptops and warns that Absolute Computrace Anti-Theft agent can be remotely hijacked Researchers at Kaspersky Lab have demonstrated that a feature in the legitimate software produced by Absolute Software firm can be abused to turn a defensive utility into a powerful utility for cyberattack. Kaspersky Lab’s security […]