
Almost 800 of more than 10,000 firmware images continue to use cryptographic keys exposed by the PKfail vulnerability, tracked as CVE-2024-8105, months after the issue was discovered, leaving affected devices at increased risk of UEFI bootkit malware intrusions, according to BleepingComputer.
American Megatrends keys accounted for most of the vulnerable firmware, followed by those from Insyde and Phoenix, a report from Binarly showed. “Based on our data, we found PKfail and non-production keys on medical devices, desktops, laptops, gaming consoles, enterprise servers, ATMs, POS terminals, and some weird places like voting machines,” said the report, which also noted the vulnerability’s impact on Minisforum, Beelink, and Hardkernel devices. Numerous vendors, including Dell, Intel, Gigabyte, Fujitsu, and Supermicro, have already issued alerts regarding the issue, although not all have acted quickly to notify users about the risks of PKfail. Organizations have been urged to isolate or restrict physical access to devices unlikely to be patched for PKfail.