Secure Boot useless on hundreds of PCs from major vendors after key leak
Plus: More stalkerware exposure; a $16M TracFone fine; Ransomware victims don’t use MFA, and more
Protecting a computer's firmware and boot process is essential for modern security. However, a recent study by Binarly found that hundreds of PC models from major vendors, including Dell, Acer, Fujitsu, Gigabyte, HP, Lenovo, and Supermicro, ship with an untrusted test platform key (PK) whose private half leaked in 2022.
The PK in question is over 12 years old and was generated as a test key, never meant to leave the lab. Binarly warns that anyone holding its private half can bypass Secure Boot outright: the PK is the root of trust that authorises updates to the Key Exchange Key (KEK), and the KEK in turn authorises updates to the allowed (db) and forbidden (dbx) signature databases, so an attacker can sign their own KEK and database updates and enrol whatever boot loaders they choose. The researchers found that more than ten percent of the firmware images they examined carried the key, making this one of the longest-lasting supply chain vulnerabilities.
If exploited, an attacker could run untrusted code at boot, before the operating system loads, compromising the entire chain of trust built on top of it. Binarly has released a free scanning tool to check whether a system is affected, and recommends device manufacturers step up and replace the key.
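The practical check a practitioner can run locally is to read the PK variable and look at the subject of the certificate it holds: the leaked AMI test key is identifiable by the "DO NOT TRUST" marker in its common name. The script below is an added example, not Binarly's tool or code from the article. It parses the EFI_SIGNATURE_LIST structures from the UEFI specification that make up the PK variable, extracts the commonName of each X.509 entry with a small marker scan (not a full X.509 parser), and flags test-key markers. The efivarfs path and the 4-byte attribute prefix are Linux specifics; the `fake_cert` helper and its sample names are constructed stand-ins so the example runs offline.

```python
"""Check a UEFI Platform Key (PK) variable for a known test/untrusted certificate.

The PK variable holds one or more EFI_SIGNATURE_LIST structures; each X.509
entry carries a DER certificate. The leaked AMI test key is identifiable by
the "DO NOT TRUST" marker in its certificate subject, so this parser walks
the lists and reports the common name of every certificate it finds.
"""
import struct
import uuid
from pathlib import Path

# EFI_CERT_X509_GUID from the UEFI specification (signature type for DER certs).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# PK lives under the EFI_GLOBAL_VARIABLE GUID; Linux efivarfs exposes it at this path.
PK_EFIVAR = Path("/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c")
# Subject markers that identify vendor test keys which should never have shipped.
UNTRUSTED_MARKERS = ("DO NOT TRUST", "DO NOT SHIP")
# DER encoding of the X.509 commonName attribute OID (2.5.4.3).
CN_OID = b"\x06\x03\x55\x04\x03"
SIGLIST_HEADER_LEN = 28  # GUID(16) + SignatureListSize + SignatureHeaderSize + SignatureSize


def parse_signature_lists(blob):
    """Yield (signature_type, owner, data) for each EFI_SIGNATURE_DATA in blob."""
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if sig_size < 16 or list_size < SIGLIST_HEADER_LEN + hdr_size or end > len(blob):
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        pos = off + SIGLIST_HEADER_LEN + hdr_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]  # skip SignatureOwner GUID
            pos += sig_size
        off = end


def extract_common_names(der):
    """Return commonName values found in a DER blob (short-form lengths only).

    A marker scan rather than a full X.509 parser: it is enough to read the
    subject CN of a PK certificate, which is all this check needs.
    """
    names = []
    pos = der.find(CN_OID)
    while pos != -1:
        p = pos + len(CN_OID)
        # The value follows as UTF8String (0x0c), PrintableString (0x13) or IA5String (0x16).
        if p + 2 <= len(der) and der[p] in (0x0C, 0x13, 0x16) and der[p + 1] < 0x80:
            length = der[p + 1]
            names.append(der[p + 2:p + 2 + length].decode("latin-1"))
        pos = der.find(CN_OID, pos + 1)
    return names


def is_untrusted_test_key(common_name):
    """True if the CN carries a marker used on vendor test keys."""
    return any(marker in common_name.upper() for marker in UNTRUSTED_MARKERS)


def check_pk(blob):
    """Return [(common_name, is_untrusted)] for every X.509 entry in a PK blob."""
    findings = []
    for sig_type, _owner, data in parse_signature_lists(blob):
        if sig_type != EFI_CERT_X509_GUID:
            continue  # PK should only hold X.509 entries, but do not choke on others
        for cn in extract_common_names(data):
            findings.append((cn, is_untrusted_test_key(cn)))
    return findings


def read_pk_variable(path=PK_EFIVAR):
    """Read the PK variable from efivarfs; the first 4 bytes are variable attributes."""
    return path.read_bytes()[4:]


def build_signature_list(cert_der, owner=uuid.UUID(int=0)):
    """Pack one EFI_SIGNATURE_LIST holding a single X.509 entry (SignatureHeaderSize = 0)."""
    sig_size = 16 + len(cert_der)
    list_size = SIGLIST_HEADER_LEN + sig_size
    header = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", list_size, 0, sig_size)
    return header + owner.bytes_le + cert_der


def fake_cert(common_name):
    """Constructed stand-in for a DER certificate holding only a subject CN attribute.

    Real PK entries are complete X.509 certificates; this keeps the example
    offline and deterministic while exercising the same CN scan.
    """
    name = common_name.encode("utf-8")
    return CN_OID + b"\x0c" + bytes([len(name)]) + name


if __name__ == "__main__":
    if PK_EFIVAR.exists():
        print("Checking live PK variable:")
        blob = read_pk_variable()
    else:
        print("No efivarfs PK found; checking constructed sample lists instead:")
        blob = (build_signature_list(fake_cert("DO NOT TRUST - AMI Test PK"))
                + build_signature_list(fake_cert("Example Vendor Platform Key")))
    for cn, bad in check_pk(blob):
        print(f"  {'UNTRUSTED' if bad else 'ok       '}  CN={cn}")
```

Two caveats apply. A CN without the marker is not proof of safety: a vendor could have re-labelled a test key, and the scan cannot tell whether a given private key has leaked, which is why Binarly's scanner matches the key material itself rather than the subject string. And on Windows the equivalent raw bytes come from `Get-SecureBootUEFI -Name PK` in PowerShell, without the 4-byte efivarfs attribute prefix, so feed its `.Bytes` directly to `check_pk`.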
Critical vulnerabilities of the week: That KEV is how old?
A use-after-free vulnerability in Internet Explorer 6 through 8 (CVE-2012-4792) that allows remote attackers to execute arbitrary code has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning it is being exploited in the wild more than a decade after it was patched. If you still have a machine running IE 6 to 8, it is past time to upgrade or replace it.
The Internet Systems Consortium (ISC) has flagged four vulnerabilities in BIND (Berkeley Internet Name Domain), its widely deployed DNS server. All four can be exploited for denial of service, so the fixed releases should be installed as soon as possible.
Another stalkerware vendor breached
TechCrunch was handed a cache of files stolen from Minnesota-based SpyTech, whose software monitors devices to snoop on their users' activity. The files, which TechCrunch verified as authentic, contain data from more than 10,000 devices going back to 2013. It is another reminder that the data stalkerware vendors collect is only as safe as the vendor's own security.
And turn on MFA while you’re at it
Cisco Talos's quarterly incident response trends report found that around 80 percent of its ransomware engagements involved organisations with no multifactor authentication (MFA) in place. Compromised credentials on valid accounts were the most common initial access vector for the third quarter in a row.
TracFone fined $16 million for trio of breaches
Verizon subsidiary TracFone has agreed to pay the FCC $16 million to settle investigations into three data breaches that occurred between 2021 and 2023. The breaches, which involved weaknesses in TracFone's APIs, resulted in unauthorized port-outs that gave attackers control of customers' phone numbers. TracFone has been ordered to implement a mandatory cybersecurity program that addresses API vulnerabilities and guards against SIM swaps and port-outs.
Source: https://www.theregister.com/2024/07/29/infosec_roundup/