Insecure defaults in Intel AMT allow an intruder to completely bypass user and BIOS passwords and TPM and Bitlocker PINs to backdoor almost any corporate laptop in a matter of seconds.
Attackers are always on the lookout for new vectors and unmonitored devices are attractive targets; Paul McKiernan warns, ensure that a security stack covers every attack vector - below the OS, in the OS and above the OS.
Intel Security has updated its Chipsec BIOS tool in response to the release last week of WikiLeaks' Vault7 collection of 'cutting-edge' CIA malware.
Firmware on Lenovo laptops keeps installing software - which is not just annoying, its also a security vulnerability.
BIOS bookits are being used in APTs, with new research demonstrating abiity to exploit newly discovered vulnerabilities.