The US National Security Agency (NSA) has released a comprehensive mitigation guide to address the BlackLotus malware. According to the document, BlackLotus exploits a boot loader flaw, known as “Baton Drop,” (CVE-2022-21894) to take control of endpoints during the early phase of software boot.

Source: Infosecurity