VulnHub

Real-time Cybersecurity News

New UEFI flaw enables pre-boot attacks on motherboards from Gigabyte, MSI, ASUS, ASRock

BleepingComputer
Vulnerability

Overview

Researchers have discovered a vulnerability in the UEFI firmware of motherboards from major manufacturers including ASUS, Gigabyte, MSI, and ASRock. This flaw allows attackers to perform direct memory access (DMA) attacks, which can bypass the security measures meant to protect the system during the early boot process. The implications are serious, as it could enable malicious actors to gain control over the affected systems before the operating system even loads. Users of these motherboards should be particularly vigilant, as this vulnerability could expose sensitive data and undermine system integrity. It's crucial for companies to address this issue promptly to protect their users from potential exploitation.

Key Takeaways

  • Affected Systems: Motherboards from ASUS, Gigabyte, MSI, ASRock
  • Action Required: Update UEFI firmware to the latest version as provided by the manufacturer; specific patch numbers not mentioned.
  • Timeline: Newly disclosed

Original Article Summary

The UEFI firmware implementation in some motherboards from ASUS, Gigabyte, MSI, and ASRock is vulnerable to direct memory access (DMA) attacks that can bypass early-boot memory protections. [...]

Impact

Motherboards from ASUS, Gigabyte, MSI, ASRock

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Update UEFI firmware to the latest version as provided by the manufacturer; specific patch numbers not mentioned.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Vulnerability.

Read Original Article

Related Coverage

Surge in Silent Subject Phishing Attacks Targets VIP Users

Infosecurity Magazine

Recent reports indicate a rise in silent subject phishing attacks specifically targeting VIP users. These attacks manage to evade traditional email filters by using blank subject lines, making them harder to detect. Attackers are employing QR codes and remote monitoring management (RMM) tools to carry out these schemes. The focus on high-profile individuals means that the potential for financial loss or data breaches is significant. As this trend grows, it is crucial for organizations to enhance their email security measures and educate users on recognizing suspicious communications.

Apr 22, 2026

Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says

SecurityWeek

The UK's cybersecurity chief has warned that British businesses must brace for potential cyberattacks from Russia, Iran, and China, especially if the country becomes involved in an international conflict. These nations are identified as the primary sources of serious cyber threats against the UK. The official emphasized the need for businesses to enhance their defenses to avoid being targeted at scale, which could disrupt operations and compromise sensitive data. This warning comes amid growing tensions globally, suggesting that the risk of cyberattacks may escalate as geopolitical situations evolve. Companies are urged to take proactive measures to safeguard their systems and data against these heightened threats.

Apr 22, 2026

New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention

SecurityWeek

A new malware strain known as Lotus Wiper has been identified targeting the Venezuelan energy sector. This malicious software is designed to disrupt recovery systems by overwriting drives and systematically deleting files, posing a significant threat to the infrastructure of the energy industry. The timing of this attack is particularly notable as it occurred just before a U.S. intervention in Venezuela, raising concerns about the geopolitical implications of cyberattacks in sensitive sectors. Energy companies in Venezuela should be particularly vigilant and assess their cybersecurity measures to protect against such destructive malware. The incident underscores the persistent risk that state-sponsored or politically motivated cyberattacks pose to critical infrastructure.

Apr 22, 2026

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

SecurityWeek

The Mirai botnet is exploiting a command injection vulnerability found in certain discontinued D-Link routers. This issue emerged about a year after the vulnerability was publicly disclosed and proof-of-concept exploit code was released. Users of these routers are at risk, as the botnet can take control of the devices, potentially turning them into part of a larger network for launching attacks. The fact that these routers are no longer supported by D-Link means that affected users will not receive any official security updates or patches, leaving them vulnerable. It's crucial for individuals and organizations still using these routers to take immediate action to secure their networks, as the exploitation is ongoing.

Apr 22, 2026

Claude Mythos Finds 271 Firefox Vulnerabilities

SecurityWeek

A recent analysis by Claude Mythos has uncovered 271 vulnerabilities in the Firefox web browser. Mozilla has stated that these vulnerabilities could also have been identified by skilled human researchers, indicating a significant level of concern regarding the browser's security. Users of Firefox should be aware of these vulnerabilities, as they could potentially expose them to various cyber threats. The sheer number of flaws raises questions about the effectiveness of current security measures in place for the browser. Mozilla has yet to release specific details about fixes or patches to address these issues, making it critical for users to stay updated on future developments.

Apr 22, 2026

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

The Hacker News

Researchers have identified a new type of malware known as Lotus Wiper, which has been used in attacks against Venezuela's energy systems. This malware, discovered by Kaspersky, has been particularly destructive, targeting the energy and utilities sector from late last year into early 2026. The attacks utilize two batch scripts to execute the file-wiping functionality, leading to significant data loss and disruption in the affected systems. This incident is concerning as it highlights the vulnerabilities in critical infrastructure, which can have serious implications for national security and public services. With the energy sector being a vital component of any country's operations, such attacks could hinder essential services and impact everyday life.

Apr 22, 2026