Saturday , March 29 2025

Firmware Backdoor Discovered in Gigabyte Motherboards, 250+ Models Affected

Researchers at firmware and hardware security company Eclypsium discovered that hundreds of motherboard models made by Taiwanese computer components giant Gigabyte include backdoor functionality that could pose a significant risk to organizations.

The backdoor was discovered by Eclypsium based on behavior associated with the functionality, which triggered an alert in the company’s platform.

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

CIRT alert Situational Awareness for Eid Holidays

As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
CIRT alert Situational Awareness for Eid Holidays

Cyberattack on Malaysian airports: PM rejected $10 million ransom

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
Cyberattack on Malaysian airports: PM rejected $10 million ransom

Micropatches released for Windows zero-day leaking NTLM hashes

Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes

VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
VMware Patches Authentication Bypass Flaw in Windows Tool

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
IngressNightmare  Over 40% of cloud environments are vulnerable to RCE

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
(CVE-2025-29927)  Urgently Patch Your Next.js for Authorization Bypass

Oracle refutes breach after hacker claims 6 million data theft

A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
Oracle refutes breach after hacker claims 6 million data theft

Specifically, the researchers determined that the firmware on many Gigabyte systems drops a Windows binary that is executed when the operating system boots up. The dropped file then downloads and runs another payload fetched from Gigabyte servers.

ALSO READ:

WhatsApp ban 74 lakh accounts, Are you safe?

The payload is downloaded over an insecure connection – HTTP or improperly configured HTTPS — and the file’s legitimacy is not verified.

There is no evidence that the backdoor has been leveraged for malicious purposes and the feature appears related to the Gigabyte App Center, which is documented on the company’s website.

However, Eclypsium said it’s difficult to conclusively rule out that it is a malicious backdoor planted from within Gigabyte — either by a malicious insider or as a result of the company’s systems being compromised. It’s also difficult to definitively rule out that the backdoor was planted somewhere in the supply chain.

Even if the feature is legitimate, the cybersecurity firm warned that it could end up being abused by threat actors. It’s not uncommon for skilled hackers to take advantage of such tools in their attacks.

UEFI rootkits have in many cases been used to ensure that Windows malware can persist on a compromised system and this backdoor can be useful for that purpose. In addition, these types of firmware backdoors can be difficult to remove. (Affected models here)

Eclypsium also warned that hackers could take advantage of the insecure connection between the system and Gigabyte servers to replace the payload through a man-in-the-middle (MitM) attack.

Eclypsium has published a list of more than 270 affected motherboard models — this indicates that millions of devices likely have the backdoor. The company said it has been working with Gigabyte to address the issue, which will likely require a firmware update.

Threat actors have been known to target Gigabyte products in their attacks, including with sophisticated UEFI rootkits.

Gigabyte is starting to release a fix to address the motherboard vulnerability.

 

Check Also

zero-click

WhatsApp patched zero-click flaw exploited in spyware attacks

WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware following reports …

Leave a Reply

Your email address will not be published. Required fields are marked *