CVE-2024-36435 Deep-Dive: The Year’s Most Critical BMC Security Flaw
The Binarly REsearch team has consistently uncovered security vulnerabilities in the Baseboard Management Controller (BMC) firmware -- a critical component of modern data center infrastructure. These vulnerabilities can be exploited remotely by threat actors, posing significant risk to enterprises. In a previous report, “Old But Gold: The Underestimated Potency of Decades-Old Attacks on BMC Security,” we documented the BMC architecture in detail and showed that it is still possible to find classes of vulnerabilities known from the early 2000s.
·binarly.io·
XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor
On March 29, right before Easter weekend, we received notifications about something unusual happening with the open-source project XZ Utils, which provides lossless data compression on virtually all Unix-like operating systems, including Linux. The initial warning was sent to the Open Source Security mailing list by Andres Freund, who discovered that XZ Utils versions 5.6.0 and 5.6.1 are impacted by a backdoor. A few hours later, the US government’s CISA and OpenSSF warned about a critical problem: an installed XZ backdoored version could lead to unauthorized remote access.
·binarly.io·
Leaked Intel Boot Guard keys: What happened? How does it affect the software supply chain?
Binarly is the world's most advanced automated firmware supply chain security platform. Using cutting-edge machine-learning techniques, Binarly identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.
·binarly.io·