Infosec is crucial, yet many manufacturers are neglecting vital protections. Security boffins found numerous PCs and components using an ancient, leaked Platform Key (PK) for UEFI Secure Boot, leaving them vulnerable to attack. Exploitation of this PK could compromise the entire security chain from firmware to the operating system. Other critical vulnerabilities include an old Internet Explorer bug still being exploited today and DNS flaws leading to denial of service. Stalkerware vendors continue to be breached, highlighting their disregard for private data protection. Multifactor authentication remains a key defense, as shown by the rise in ransomware attacks that stem from compromised credentials. TracFone was fined $16 million for multiple data breaches, emphasizing the importance of securing customer data.
https://www.theregister.com/2024/07/29/infosec_roundup/