An anonymous reader writes from a report via BleepingComputer: Last week, at the BlackHat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte BRIX small computing devices, which allow an attacker to write malicious content to the UEFI firmware. During their presentation, researchers installed a proof-of-concept UEFI ransomware, preventing the BRIX devices from booting, but researchers say the same flaws can be used to plant rootkits that allow attackers to persist malware for years. The two vulnerabilities discovered are CVE-2017-3197 and CVE-2017-3198. The first is a failure on Gigabyte’s part to implement write protection for its UEFI firmware. The second vulnerability is another lapse on Gigabyte’s side, who forgot to implement a system that cryptographically signs UEFI firmware files. Add to this the fact that Gigabyte uses an insecure firmware update process, which doesn’t check the validity of downloaded files using a checksum and uses HTTP instead of HTTPS. A CERT vulnerability note was published to warn users of the impending danger and the bugs’ ease of exploitation. Read more of this story at Slashdot.
Read the original post:
Gigabyte Firmware Bugs Allow the Installation of BIOS/UEFI Ransomware
After WikiLeaks revealed data exposing information about the CIA’s arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer’s low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple’s Macbooks. The documents from CIA’s Embedded Development Branch (EDB) mention an OS X “implant” called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a “Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant.” The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system’s hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system’s current EFI or against an EFI image previously extracted from a system. Read more of this story at Slashdot. 
Less than a week after AMD announced the first line up of Ryzen processors, Intel is apparently fighting back by dropping the price of several of its processors. Rob Williams, writing for HotHardware: So, what we’re seeing now are a bunch of Intel processors dropping in price, perhaps as a bit of a preemptive strike against AMD’s chips shipping later this week — though admittedly it’s still a bit too early to tell. Over at Amazon, the prices have been slower to fall, but we’d highly recommend that you keep an eye on the following pages, if you are looking for a good deal this week. So far, at Micro Center we’ve seen the beefy six-core Intel Core i7-6850K (3.60GHz) drop from $700 to $550, and the i7-6800K (3.40GHz) drop down to $360, from $500. Also, some mid-range chips are receiving price cuts as well. Those include the i7-6700K, a 4.0GHz chip dropping from $400 to $260, and the i7-6600K, a 3.50GHz quad-core part dropping from $270 to $180. Even Intel’s latest and greatest Kaby Lake-based i7-7700K has experienced a drop, from $380 to $299, with places like Amazon and NewEgg retailing for $349. Read more of this story at Slashdot.