Information Security Overview Securing your computer’s BIOS and boot process is essential to modern security, but knowing it’s important and actually taking the steps to do so are not the same thing.
For example, let’s take research as an example. Published The findings were announced last week by security experts at firmware security vendor Binarily. hundreds PCs sold by Dell, Acer, Fujitsu, Gigabyte, HP, Lenovo and Supermicro, as well as components sold by Intel, use a 12-year-old test Platform Key (PK) that was supposedly leaked in 2022 to protect their UEFI Secure Boot implementations.
“An attacker who has access to the private part of the PK can easily circumvent Secure Boot by manipulating the Key Exchange Key Database, the Signature Database, and the Forbidden Signature Database,” Binarily researchers wrote.
And it’s not as though the manufacturer using the PK in question had no reason to know that it was unreliable and not intended for use outside of a laboratory – it was clearly stated on the packaging.
“These test keys have strong indications that they should not be trusted,” Binarily points out. “For example, the certificate issuer contains the strings ‘do not trust’ or ‘do not ship.'”
According to Binarily, over 10% of the firmware images in the dataset are vulnerable to attack with an untrusted PK, likely published by American Megatrends International in May 2012. The researchers note that this problem is “one of the longest-running.” [supply chain vulnerabilities] Something of that kind.”
If an attacker leverages the PK in an attack, they could execute untrusted code during the boot process, even if Secure Boot is enabled.
“This puts the entire security chain at risk, from firmware to operating system,” Binary added.
Binarily is Free Scan Tools It checks your system for a vulnerability called PKFail, which seems like a wise move to make. It requires some effort from device manufacturers to fix this issue.
Critical Vulnerability of the Week: KEV how old?
This week starts with new reports of a very old vulnerability being exploited in the wild.
According to NIST, Internet Explorer versions 6 through 8 contain a use-after-free vulnerability that could allow remote attackers to execute arbitrary code. Detected and identified It was discovered in the wild in 2012. Still being exploited today.
If for some reason you still have machines running IE 6 through 8, it may be time to retire them.
Also, last week, the Internet System Consortium (CVE-2024-4076, CVE-2024-1975, CVE-2024-1737, CVE-2024-0760).
These flaws, if exploited, could lead to a denial of service, and although they are not as severe as other vulnerabilities, because they exist at the DNS level they are still worth installing patches as soon as possible.
Stalkerware vendor breached again
It seems possible Just 2 weeks We’re here before the stalkerware vendors get in. Handed over A trove of files were stolen from Minnesota-based SpyTech last week.
The files, which were allegedly verified as authentic, were installed on phones, tablets and computers monitored by SpyTec software, which secretly monitors devices and spies on users’ activities. Data was found on more than 10,000 devices dating back to 2013.
Interestingly, SpyTech’s CEO reportedly had no knowledge of the breach when asked about it, showing that these stores are prioritizing making money over protecting the personal data they collect on behalf of their customers.
…and turn on MFA
Cisco Talos security researchers Quarterly Reporting As we looked at incident response trends over the last week, one surprising trend emerged: Nearly 80% of ransomware attacks in Q2 occurred at organizations whose systems did not employ multi-factor authentication.
And we thought Snowflake Maybe it taught the world something.
Talos noted that compromised credentials were the most common way to gain initial access for three consecutive quarters, which is the exact same reason behind all of Snowflake’s outages.
Ransomware efforts overall increased 22% from Q1 to Q2 and accounted for 30% of all incidents Talos responded to. Coupled with the rise in attacks using stolen credentials and exploiting a lack of MFA, this week may be a good time to enable MFA for all users, without exception.
TracFone fined $16 million for three violations
Verizon subsidiary TracPhone has agreed to pay $16 million to the FCC to end an investigation into three data breaches the company experienced between 2021 and 2023.
According to the FCC, TracFone failed to protect several of its customer database APIs, allowing criminals to steal customer account and device information and personally identifiable information. The breach led to “numerous unauthorized port-outs.”
Not to be confused SIM swap Porting out is another scam that most carriers are completely unable to prevent. Porting out involves transferring your number entirely to another carrier, both of which can give attackers control over your customers’ devices.
TracFone has been ordered to implement a mandatory cybersecurity program with new provisions to mitigate API vulnerabilities, as well as SIM swap and port-out protections.®
