heise online

Bootloader U-Boot: Vulnerabilities allow bypassing the chain of trust

IT security researchers have discovered several security vulnerabilities in the Universal Boot Manager U-Boot. They allow attackers to circumvent the chain of trust and inject and execute arbitrary ...
CSOonline

Secure Boot no more? Leaked key, faulty practices put 900 PC/server models in jeopardy

PKfail: An AMI Platform Key discovered on GitHub led researchers to uncover test keys in firmware images from major PC and server vendors, something hackers could exploit if leaked to gain kernel ...
Bleeping Computer

Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders

Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. GRUB2 (GRand Unified Bootloader) is the ...
PC Gamer

Hard to believe but Secure Boot BIOS security has been compromised on hundreds of PC models from big brands because firmware engineers used four-letter passwords

Critical encrypted file with mere four-character password to blame. When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Now, I'll admit my own ...
Bleeping Computer

New Lenovo UEFI firmware updates fix Secure Boot bypass flaws

Lenovo is warning of high-severity BIOS flaws that could let attackers bypass Secure Boot on all-in-one desktops using customized Insyde UEFI firmware. Devices confirmed to be impacted are IdeaCentre ...