'

LogoFAIL attack can inject malware in the firmware of many computers

LogoFAIL attack can inject malware in the firmware of many computers

Researchers have devised an attack that exploits serious vulnerabilities in UEFI firmware used by many computer manufacturers to deploy stealthy rootkits that execute in the early stages of the boot-up process beyond the visibility of endpoint security products. The attack involves planting maliciously crafted images in a special partition on the drive or in non-protected … Read more

Google expands minimum security guidelines for third-party vendors

Google expands minimum security guidelines for third-party vendors

Google has upgraded its recommended minimum requirements for securing third-party applications, offering more guidance on managing external bug researchers and lowering the costs for accessing basic security features by baking them into applications by design. Google launched its Minimum Viable Secure Product (MVSP) program in 2021 to identify fundamental application security controls that should be … Read more