all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign

Add to bookmarks
April 11, 2023, 5:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer startup, prior to the operating system loading, and therefore can interfere with or deactivate various operating system (OS) security mechanisms such as BitLocker, hypervisor-protected code integrity (HVCI), and Microsoft Defender Antivirus. Though this could impede investigations and threat …

antivirus attacks bitlocker blacklotus bootkit called campaign code compromised computer cve cve-2022-21894 defender exploiting firmware guidance guide hunting hypervisor identify integrity interface investigations microsoft microsoft defender microsoft defender antivirus operating system organizations run security startup system threat threat actors threat hunting uefi

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Dissecting Windows Malware Series – RISC vs CISC Architectures – Part 4 51 minutes ago | malware.news
architectures cisc gains history +7
The life and times of an Abstract Syntax Tree an hour ago | malware.news
artificially intelligent can clear compiler +12
Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online an hour ago | malware.news
article attack cybercriminals hacker +12
Strengthening Cloud Security Together: Meet the Runtime Insights Partner Ecosystem an hour ago | malware.news
cloud cloud security collaboration cybersecurity +18
North American, European critical infrastructure facing pro-Russia hacktivist threats an hour ago | malware.news
agriculture america american article +37
RSA Conference 2024 Preview: The Sessions to See This Year an hour ago | malware.news
article brian conference episode +12
Senators Reprimand UnitedHealth CEO in Ransomware Hearing an hour ago | malware.news
attack ceo change change healthcare +17
Prisma SASE 3.0 — Securing Work Where It Happens 2 hours ago | malware.news
application coffee corporate corporate network +19
Deepfakes and AI-Driven Disinformation Threaten Polls 3 hours ago | malware.news
access article campaigns deepfakes +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Associate Manager, BPT Infrastructure & Ops (Security Engineer)

@ SC Johnson | PHL - Makati
View on infosec-jobs.com

Cybersecurity Analyst - Project Bound

@ NextEra Energy | Jupiter, FL, US, 33478
View on infosec-jobs.com

Lead Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Junior Information Security Coordinator (Internship)

@ Garrison Technology | London, Waterloo, England, United Kingdom
View on infosec-jobs.com

Sr. Security Engineer

@ ScienceLogic | Reston, VA
View on infosec-jobs.com
View more jobs