"In an email to the ICAO, the Lockheed Martin cyberintelligence analyst described the attack as 'a significant threat to the aviation industry.' It had the characteristics of a 'watering hole attack' that targets visitors to a website. The UN agency, working with 192 member states and industry groups, is responsible for setting international civil aviation standards, including for safety and security." - via PhysOrg
Apparently, this product is now embedded in a wide range of devices (ranging from Apple Inc. to Dell Computers and more). I do architect & advise end-point security efforts in my work (agnostic that I am - I do not recommend individual products), but certainly not an embedded product in BIOS or EFI. Could it be rightly called 'The Self-Healing Endpoint of Privacy'? Has a meme been created? You be the judge - Me? I'm going back to paper and pencil, air-gapped (of course - dammit, air-gaps are no guaranty of secure platforms either...). What to do. Tip o' the Hat.
In a tour de force screed published at InfosecIsland, Steve Martino details exactly what is required for data classification to succeed, and the impact of that classification effort on an organization's information security posture. (Mr. Martino is the CISO and VP of Information Security at Cisco Systems, Inc. (NasdaqGS: CSCO).)