Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
Malware Analysis, News and Indicators - Latest topics malware.news
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer startup, prior to the operating system loading, and therefore can interfere with or deactivate various operating system (OS) security mechanisms such as BitLocker, hypervisor-protected code integrity (HVCI), and Microsoft Defender Antivirus. Though this could impede investigations and threat …