🚀 Medial Secures Investment on Shark Tank India - Fueling the Future of Professional Social Networking. 🔥

Startup Showcase

Premium Content

Try our Valuation Calculator →

News on Medial

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

Arstechnica

Arstechnica · 1y ago

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

A newly discovered attack called LogoFAIL has revealed that hundreds of Windows and Linux computer models from various hardware manufacturers are vulnerable to malicious firmware infections. The attack is difficult to detect and remove, and can be executed remotely, bypassing multiple defense mechanisms. LogoFAIL exploits vulnerabilities in Unified Extensible Firmware Interfaces (UEFIs) responsible for booting devices, giving attackers control over the memory and disk of the target device early in the boot process. The attack has prompted companies to release advisories and security patches.

Related News

Critical vulnerability affecting most Linux distros allows for bootkits

Arstechnica

Arstechnica · 1y ago

Critical vulnerability affecting most Linux distros allows for bootkits

Linux developers are working to fix a high-severity vulnerability that can enable the installation of malware at the firmware level, making it difficult to detect or remove. The vulnerability is found in "shim," a component that runs during the boot process before the operating system starts. It plays a crucial role in secure boot, a protection feature in most devices to ensure every link in the boot process is verified. Successful exploitation of the vulnerability allows attackers to execute malicious firmware during the earliest stages of booting, undermining the secure boot mechanism. The vulnerability requires compromising the targeted device or the server/network the device boots from.

Critical vulnerability affecting most Linux distros allows for bootkits

Arstechnica

Arstechnica · 1y ago

Critical vulnerability affecting most Linux distros allows for bootkits

Linux developers are working on patching a high-severity vulnerability that enables the installation of firmware-level malware, granting deep-level access to an infected device. The vulnerability exists in shim, a component that runs in the firmware during the early boot process. Successful exploitation allows attackers to execute malicious firmware before the operating system starts, neutralizing the secure boot mechanism. The flaw, named CVE-2023-40547, is a buffer overflow that can be exploited through compromised devices or servers. Physical access to a device or administrative control could also be used to exploit the vulnerability.

Microsoft Build 2025: news and announcements from the developer conference

The Verge

The Verge · 3m ago

Microsoft Build 2025: news and announcements from the developer conference

Microsoft Build 2025 is a four-day developer conference starting May 19th, featuring CEO Satya Nadella. Key announcements include Microsoft's new command line text editor, Edit on Windows, and GitHub’s AI coding agent for bug fixes. Microsoft also introduced APIs for on-device AI with Edge, the Windows Subsystem for Linux as open-source, and hosting Elon Musk’s Grok AI models. The event highlights Microsoft's AI advancements, focusing on AI agents for enhancing user experiences and integration across platforms.

Government has a warning for Google Chrome users: Details inside

Livemint

Livemint · 2y ago

Government has a warning for Google Chrome users: Details inside

The vulnerabilities identified by CERT-In affect users who are using Google Chrome versions prior to 116.0.5845.96/.97 for Windows and Google Chrome versions prior to 116.0.5845.96 for Mac and Linux.

Microsoft Build 2025: news and announcements from the developer conference

The Verge

The Verge · 3m ago

Microsoft Build 2025: news and announcements from the developer conference

Microsoft's Build 2025 developer conference, held from May 19th, unveiled significant advancements, especially in AI and developer tools. Key announcements included: a new command line text editor called "Edit on Windows," AI API integrations in Microsoft Edge, and GitHub's AI coding agent capable of bug fixes. Microsoft also introduced Model Context Protocol for AI interoperability and open-sourced its Windows Subsystem for Linux. Controversially, the event was briefly interrupted by protests against Microsoft's contracts with the Israeli government.

This tiny device is sending updated iPhones into a never-ending DoS loop

Arstechnica

Arstechnica · 1y ago

This tiny device is sending updated iPhones into a never-ending DoS loop

The Flipper Zero device, a portable multi-tool for hackers, has gained attention for its ability to disrupt iPhones by sending Bluetooth pairing requests. The device, which is affordable and user-friendly, has brought previously inaccessible attacks within the reach of casual technology enthusiasts. Flipper Zero offers a range of capabilities including cloning key cards and RFID cards, troubleshooting hardware, and functioning as a universal TV remote. With its open-source design, users can customize the device's firmware to expand its functionalities. The device has a monochrome LCD display, GPIO pins for external hardware connections, and a USB-C port for power and firmware updates.

New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling

Arstechnica

Arstechnica · 1y ago

New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling

According to researchers, UEFI firmware from leading suppliers contains vulnerabilities known as PixieFail, allowing attackers to infect connected devices with malware at the firmware level. The vulnerabilities reside in TianoCore EDK II, an open-source UEFI implementation utilized by Arm, Insyde, AMI, Phoenix Technologies, and Microsoft. Exploiting these flaws can enable attackers to install malicious firmware that runs before the main operating system, giving them control over the infected device without detection or removal by standard security measures. Attackers only require minimal network access to exploit the vulnerabilities.

Microsoft releases a new Windows app called Windows App for running Windows apps

Arstechnica

Arstechnica · 11m ago

Microsoft releases a new Windows app called Windows App for running Windows apps

Microsoft has unveiled a new app called Windows App that allows users to run Windows and Windows apps on various platforms, including Windows, macOS, iOS, web browsers, and Android. The app is a replacement for the Microsoft Remote Desktop app and offers a unified way to access Windows PCs, cloud-hosted Windows 365, and remotely hosted apps provisioned by work or school. Windows App provides improvements such as easier account switching, enhanced device management for IT administrators, support for frontline workers, and the "Relayed RDP Shortpath" feature for enabling Remote Desktop on restricted networks.

Google Chrome vulnerabilities expose millions — What should you do

Economic Times

Economic Times · 3m ago

Google Chrome vulnerabilities expose millions — What should you do

The Indian Computer Emergency Response Team (CERT-In) has warned about multiple vulnerabilities in Google Chrome, affecting Windows, MacOS, and Linux users. These vulnerabilities could allow remote attackers to execute code on users' systems. The specific vulnerabilities involve insufficient policy enforcement in Loader and incorrect handling in Mojo. The CVE-2025-4664 vulnerability is actively being exploited. Users are urged to update their Chrome versions to safeguard against these security issues.

Microsoft introduces new tool for easy file sharing with Android Phones: Details

Livemint

Livemint · 1y ago

Microsoft introduces new tool for easy file sharing with Android Phones: Details

Microsoft has introduced a new feature in the Windows 11 beta update that allows for seamless file sharing between Windows PCs and Android phones. This feature, available exclusively to Windows Insiders, adds a "My Phone" search icon within the Windows Share interface. Users need to pair their Android device with their PC using the Link to Windows app on Android and the Phone Link app on their PC. This integration simplifies the file-sharing process and offers a convenient option for Windows Insiders to transfer content between devices.

Trackers

Active Indian VC’s

OG Capital Email

With a hands-on approach, OG Capital aims to invest in over 20 promising...

Accel Partners Email

Early and growth-stage investments in disruptive technology companies with...

Early-stage venture capital firm investing in technology startups in India. Focus on...

Access All Trackers

Startup Showcase Winners

Aug 2025

Build. Comply. Fund. Fly.

Crypto to INR payments app for Indians

Your CV, Done Right.

Enter Ongoing Startup Showcase

Top Users

Trending News on Medial

Download the medial app to read full posts, comements and news.