BlackLotus bootkit patch may bring "false sense of security", warns NSA

black lotus

The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000. The news sent a shiver down the spines of many in the cybersecurity community, as BlackLotus was the first in-the-wild UEFI bootkit capable of bypassing UEFI Secure Boot on fully updated UEFI systems. BlackLotus is a sophisticated piece of malware that can…

The post “BlackLotus bootkit patch may bring "false sense of security", warns NSA” appeared first on TripWire

Source:TripWire – Graham Cluley