Tagged: intel

us-cert-logo 0

IC3 Issues Alert on University Employee Payroll Scam

Original release date: January 15, 2015 The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials. Users are encouraged to review the IC3 Aler t for details and refer to Security Tip ST04-014 for information on social engineering and phishing attacks.

VU#533140: Tianocore UEFI implementation reclaim function vulnerable to buffer overflow 0

VU#533140: Tianocore UEFI implementation reclaim function vulnerable to buffer overflow

Vulnerability Note VU#533140 Tianocore UEFI implementation reclaim function vulnerable to buffer overflow Original Release date: 05 Jan 2015 | Last revised: 12 Jan 2015 Overview The reclaim function in the Tianocore open source implementation of UEFI contains a buffer overflow vulnerability. Description The open source Tianocore project provides a reference implementation of the Unified Extensible Firmware Interface (UEFI). Some commercial UEFI implementations incorporate portions of the Tianocore source code

VU#976132: Some UEFI systems do not properly secure the EFI S3 Resume Boot Path boot script 0

VU#976132: Some UEFI systems do not properly secure the EFI S3 Resume Boot Path boot script

Vulnerability Note VU#976132 Some UEFI systems do not properly secure the EFI S3 Resume Boot Path boot script Original Release date: 05 Jan 2015 | Last revised: 05 Jan 2015 Overview Some UEFI systems fail to properly restrict access to the boot script used by the EFI S3 Resume Boot Path, allowing an authenticated, local attacker to bypass various firmware write protections. Description According to Rafal Wojtczuk and Corey Kallenberg of The MITRE Corporation: “During the UEFI S3 Resume p at h, a boot script is i nterpreted to re-initialize the platform

VU#533140: UEFI EDK1 vulnerable to buffer overflow 0

VU#533140: UEFI EDK1 vulnerable to buffer overflow

Vulnerability Note VU#533140 UEFI EDK1 vulnerable to buffer overflow Original Release date: 05 Jan 2015 | Last revised: 05 Jan 2015 Overview The EDK1 UEFI reference implementation contains a buffer overflow vulnerability. Description The open source EDK1 project provides a reference implementation of the Unified Extensible Firmware Interface (UEFI). Commercial UEFI implementations may incorporate portions of the EDK1 source code.