New UEFI Secure Boot flaw exposes systems to bootkits

ESET finds bug in a UEFI application allowing malicious actors to bypass UEFI Secure Boot The move grants criminals the ability to deploy bootkits to affected systems Microsoft addressed the bug in January 2025 Patch Tuesday update An unnamed, but apparently popular, UEFI application, was signed with a vulnerable certificate, allowing threat actors to bypass […]

New UEFI Secure Boot flaw exposes systems to bootkits, patch now

bleepingcomputer.com - 16/Jan 15:05

A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy...

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)

itsecuritynews.info - 16/Jan 10:34

ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot....

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

securityaffairs.co - 17/Jan 11:15

Researchers detailed a now-patched vulnerability that could allow a bypass of the Secure Boot mechanism in UEFI systems. ESET disclosed details of a...

CVE-2024-7344 impacts UEFI based systems

thecyberthrone.in - 18/Jan 15:10

CVE-2024-7344 is a critical vulnerability affecting UEFI-based systems. It was discovered by researchers at ESET and involves a bypass of the UEFI...

Microsoft: macOS bug lets hackers install malicious kernel drivers

bleepingcomputer.com - 13/Jan 18:24

Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers...

7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

bleepingcomputer.com - 21/Jan 16:05

A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute...

Cisco addresses a critical privilege escalation bug in Meeting Management

securityaffairs.co - 08:17

Cisco addressed a critical flaw in its Meeting Management that could allow it to gain administrator privileges on vulnerable instances. Cisco released...

CVE-2024-54498: Exploit Code Released for macOS Flaw

thecyberthrone.in - 13/Jan 08:56

Overview CVE-2024-54498 is a critical vulnerability affecting macOS systems, specifically those running versions prior to 2.6.11. This vulnerability,...

CISA orders agencies to patch BeyondTrust bug exploited in attacks

bleepingcomputer.com - 13/Jan 20:58

CISA tagged a vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering...

Thousands of PHP-based Web Applications Exploited to Deploy Malware