Significant PKfail vulnerability continues to be prevalent

Almost 800 of more than 10,000 firmware images continue to use cryptographic keys exposed by the PKfail vulnerability, tracked as CVE-2024-8105, months after the issue was disclosed, leaving the affected devices at increased risk of UEFI bootkit malware intrusions, according to BleepingComputer. American Megatrends keys accounted for most of the vulnerable firmware, followed by keys from Insyde and Phoenix, a report from Binarly showed. "Based on our data, we found PKfail and non-production keys on medical devices, desktops, laptops, gaming consoles, enterprise servers, ATMs, POS terminals, and some weird places like voting machines," said the report, which also noted the vulnerability's impact on Minisforum, Beelink, and Hardkernel devices. Numerous vendors, including Dell, Intel, Gigabyte, Fujitsu, and Supermicro, have already issued alerts regarding the issue, although not all have acted quickly to notify users about the risks of PKfail. Organizations have been urged to isolate or restrict physical access to devices that are unlikely to be patched for PKfail.
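A defender-side check that follows from the above, added here as an example and not part of the SC Media article or of Binarly's own tooling: read the Platform Key (PK) variable that Secure Boot exposes on a Linux host, walk the EFI_SIGNATURE_LIST structure it contains, and flag any certificate whose DER bytes carry the "DO NOT TRUST" / "DO NOT SHIP" marker text that the public PKfail research reported in the subjects of the non-production test keys. The GUIDs and structure layout come from the UEFI specification; the efivars path, the marker strings, and the sample blobs used below are assumptions and constructed inputs, not values from the article. The SHA-256 of each certificate is printed so it can be compared against a vendor's list of affected keys.

```python
import hashlib
import struct
import uuid
from pathlib import Path

# EFI_GLOBAL_VARIABLE GUID (the namespace PK lives in) and the X.509 signature-type GUID,
# both defined by the UEFI specification.
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Assumed location of the PK variable on a Linux host with efivarfs mounted.
PK_EFIVAR = Path(f"/sys/firmware/efi/efivars/PK-{EFI_GLOBAL_VARIABLE}")

# Marker strings reported in the subject of the non-production keys described in the
# public PKfail research (assumption: extend this tuple from your vendor's advisory).
UNTRUSTED_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def parse_signature_lists(data):
    """Return [(signature_type, owner_guid, signature_bytes)] from concatenated EFI_SIGNATURE_LISTs.

    Layout per list: SignatureType GUID (16) | SignatureListSize u32 | SignatureHeaderSize u32 |
    SignatureSize u32 | SignatureHeader | N x (SignatureOwner GUID (16) | SignatureData).
    """
    entries = []
    offset = 0
    while offset + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", data, offset + 16)
        if list_size < 28 or offset + list_size > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos = offset + 28 + header_size
        end = offset + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append((sig_type, owner, data[pos + 16:pos + sig_size]))
            pos += sig_size
        offset = end
    return entries


def build_signature_list(cert_der, owner=uuid.UUID(int=0)):
    """Wrap one DER blob into a single X.509 EFI_SIGNATURE_LIST (used to construct sample input)."""
    sig_size = 16 + len(cert_der)
    list_size = 28 + sig_size
    header = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", list_size, 0, sig_size)
    return header + owner.bytes_le + cert_der


def assess_pk(data):
    """Classify every certificate in the PK data; 'flagged' is True when a test-key marker is present."""
    findings = []
    for sig_type, owner, blob in parse_signature_lists(data):
        marker = next((m for m in UNTRUSTED_MARKERS if m in blob), None)
        findings.append({
            "type": "x509" if sig_type == EFI_CERT_X509_GUID else str(sig_type),
            "owner": str(owner),
            "sha256": hashlib.sha256(blob).hexdigest(),
            "flagged": marker is not None,
            "marker": marker.decode() if marker else None,
        })
    return findings


def read_pk_from_efivars(path=PK_EFIVAR):
    """efivarfs prefixes variable data with a 4-byte attributes field; strip it."""
    raw = path.read_bytes()
    return raw[4:]


if __name__ == "__main__":
    if PK_EFIVAR.exists():
        results = assess_pk(read_pk_from_efivars())
    else:
        # Constructed sample: not a real certificate, only a DER-like prefix plus the marker text.
        sample = build_signature_list(b"\x30\x82\x01\x00" + b"DO NOT TRUST - AMI Test PK")
        results = assess_pk(sample)
    for r in results:
        verdict = f"FLAGGED ({r['marker']})" if r["flagged"] else "no test-key marker"
        print(f"{r['type']} owner={r['owner']} sha256={r['sha256']} -> {verdict}")
```

A flagged result means the enrolled PK is one of the non-production keys the article describes and the device should be tracked for a firmware update or isolated as the report recommends; an unflagged result is not a clean bill of health, since a leaked production key carries no marker text and must be matched by hash against the vendor's advisory.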