Security Notifications
With experts in UEFI firmware development across the globe, the Phoenix Security Team is dedicated to establishing and fortifying trust in firmware.
High Severity Vulnerability in Acer Aspire E5-475G BIOS
A stack overflow vulnerability has been found in the BIOS firmware of Aspire E5-475G laptops, which can allow local attackers to execute arbitrary code and gain escalated privileges during the boot process.
CosmicStrand: The Discovery of a Sophisticated UEFI Firmware Rootkit
Reference Article
CosmicStrand appears to be the work of an unknown Chinese-speaking threat actor.
MoonBounce: Chinese Group Deploys MoonBounce Implant in UEFI Firmware
The highly targeted attack reveals a new level of sophistication in attacks against UEFI firmware.
High Severity Vulnerability in Dell BIOSConnect
A buffer overflow vulnerability has been identified in the Dell BIOSConnect feature, which allows users to update their BIOS firmware from the cloud.
Sunburst and SolarWinds Data Breach
Alert (AA20-352A) – US-CERT – CISA
In December 2020, cybersecurity researchers at FireEye discovered and reported a supply chain attack on SolarWinds software.