Forgotten UEFI shims undermining Secure Boot

ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities This article has been indexed from WeLiveSecurity Read the original article: Forgotten UEFI shims undermining Secure Boot

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below – @asyncapi/generator-helpers@1.1.1 @asyncapi/generator-components@0.7.1 @asyncapi/generator@3.3.1 @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) “The This…