Significant PKfail vulnerability continues to be prevalent

Almost 800 of more than 10,000 firmware images continue to use cryptographic keys exposed by the PKfail vulnerability, tracked as CVE-2024-8105, months after the issue was discovered, leaving affected devices at increased risk of UEFI bootkit malware intrusions, according to BleepingComputer.

American Megatrends keys accounted for most of the vulnerable firmware, followed by those from Insyde and Phoenix, a report from Binarly showed. “Based on our data, we found PKfail and non-production keys on medical devices, desktops, laptops, gaming consoles, enterprise servers, ATMs, POS terminals, and some weird places like voting machines,” said the report, which also noted the vulnerability’s impact on Minisforum, Beelink, and Hardkernel devices. Numerous vendors, including Dell, Intel, Gigabyte, Fujitsu, and Supermicro, have already issued alerts regarding the issue, although not all have acted quickly to notify users about the risks of PKfail. Organizations have been urged to isolate or restrict physical access to devices unlikely to be patched for PKfail.


