PKfail Secure Boot bypass remains a significant risk two months later

September 17, 2024 at 09:32AM

Roughly 9% of tested firmware images use non-production cryptographic keys, making Secure Boot devices vulnerable to UEFI bootkit malware attacks. Known as ‘PKfail’, this supply chain attack affects various computer manufacturers and has been addressed by Binarly, who released a “PKfail scanner” to identify vulnerable firmware submissions. Vendors are taking …

Students Spot Washing Machine App Flaw That Gives Out Free Cycles

May 20, 2024 at 03:32PM

UCSC students Alexander Sherbrooke and Iakov Taranenko discovered a security flaw in CSC ServiceWorks washing machines, allowing for free unlimited laundry cycles. Despite reporting the bug to the company and posting about it on Slug Security, CSC has not responded or fixed the vulnerability. Taranenko highlighted the potential financial impact …