A new week in cyber security news… | Smart Thinking Solutions

After all the “excitement” of CrowdStrike last week, let’s start this week with some good old fashioned bad news cyber security research.

Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica

Let’s get a definition of Secure Boot from Copilot AI:

“Secure Boot is a recognised security standard that ensures a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). It is a modern cyber security that has replaced the traditional BIOS on computers. Secure Boot works by verifying that the operating system’s bootloader is signed with a valid digital signature before allowing it to launch. This process helps protect against malware that attempts to load during the startup process and is a fundamental part of a secure boot-up sequence.”

I would have said is simpler, “it is your first step in having a cyber secure device as it prevents threat actors injecting malicious code into your system before other security tools are functioning.”

You get the message – it is important.

Supply Chain Breakdown

Researchers from security firm Binarly have demonstrated that Secure Boot is compromised on about 215 devices sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cyber security flaw arises from the use of a compromised cryptographic key, which is the underlying technology that makes the process secure. This key was published in a public forum on GitHub, in 2022, by someone working for a major manufacturer and although subsequent marked as “DO NOT TRUST”, it was!

The researchers have given this vulnerability the name PKfail.

Your Takeaway

There are a few instances of malware that can take advantage of a compromised Secure Boot, they are few and far between… at the moment. Remember also this only impacts machines manufacturer after the key was compromised in 2022. Manufacturers need to issue updates for the compromised and then you need to apply them. Although not hard to do equipment firmware updates are not as straight forward as software updates, so some care needs to be taken.

Also remember that even though last weeks CrowdStrike chaos was caused by an update they issued themselves, you still need to apply all cyber security patches and updates in a timely manner.

Apply all patches and updates even though CrowdStrike messed up

Do you want to know more?

Clive Catton MSc (Cyber Security) – by-line and other articles

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Supply Chain Breakdown

Your Takeaway

Further Reading