August 9, 2024 at 10:21AM Cybersecurity researchers discovered vulnerabilities in Sonos smart speakers that could be exploited by attackers to eavesdrop on users, impacting all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12. These findings were presented at Black Hat USA 2024 and reveal two security defects, CVE-2023-50809 and CVE-2023-50810, compromising … Read more
July 26, 2024 at 05:24PM Millions of Intel and ARM-based computing systems are vulnerable to attackers due to a leaked cryptographic key used in the Secure Boot process. The issue, dubbed “PKFail,” allows bypassing of Secure Boot and affects devices from vendors like Lenovo, HP, and Asus. Firmware updates are needed to address this widespread … Read more
July 26, 2024 at 05:51AM Binarly has identified a security vulnerability named “PKfail,” centered around an exposed American Megatrends International Platform Key (PK), utilized as a Secure Boot private key. This flaw, found in hundreds of computer models from various manufacturers, allows attackers to sign and execute malicious code during the device’s boot process, potentially … Read more
July 25, 2024 at 05:45PM UEFI products from 10 vendors are vulnerable to compromise due to a critical firmware supply-chain issue called PKfail, allowing attackers to bypass Secure Boot and install malware. The affected devices use a test Secure Boot master key from American Megatrends International, which often remains untrusted by OEMs. Vendors are advised … Read more