VU#507496: GIGABYTE BRIX UEFI firmware fails to implement write protection and is not cryptographically signed https://t.co/6b4WGapBjj
— US-CERT (@USCERT_gov) March 31, 2017
It must be big if CERT notices a UEFI issue! 🙂
That Cylance UEFI vuln is a bit duh… I was hoping for something really nice, not a dumb target like Gigabyte.
— The Uninitialized Pointer Guru 🥇 (@osxreverser) March 31, 2017
At least the boards for LGA1155 cpus are all wide open since Gigabyte sucks balls regarding UEFI firmware security.
— The Uninitialized Pointer Guru 🥇 (@osxreverser) March 31, 2017
Replace that Gigabyte Brix by *ALL* Gigabyte firmware :-X
— The Uninitialized Pointer Guru 🥇 (@osxreverser) March 31, 2017
Just checked @GIGABYTEUSA no BIOS updates for vulnerable hardware. But in less then one hour I will be disclosure all the issues at #BHASIA
— Alex Matrosov (@matrosov) March 31, 2017
Researchers Disclose Vulnerabilities in GIGABYTE BRIX Systems https://t.co/OaJX2sqi4Z #infosec #security #BHASIA pic.twitter.com/nQLkTE0ziD
— Cylance Inc. (@cylanceinc) March 31, 2017
It's BIOS update issue. PoC abuse legit updater to deliver modified SMM DXE with ransomware payload.
— Alex Matrosov (@matrosov) March 31, 2017
https://www.cylance.com/en_us/blog/uefi-ransomware-full-disclosure-at-black-hat-asia.html
Firmware Security 