ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

Server stats:

1.5K
active users

83r71n

A recent discovery by Eclypsium's automated system, Automata, revealed a significant vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI firmware used across various Intel Core processors. This flaw, with a CVSS score of 7.5, could lead to a buffer overflow and potentially allow attackers to execute malicious code. Initially found in Lenovo ThinkPad models, it affects multiple versions of Phoenix firmware on Intel processors, including AlderLake, CoffeeLake, and others. This widespread issue underscores the importance of UEFI firmware in device security and highlights the risks posed by vulnerabilities in the firmware supply chain. Phoenix Technologies addressed the vulnerability on May 14, 2024, but given the complexity of the supply chain, many devices may still be at risk. Users are advised to check for firmware updates from their device manufacturer.

eclypsium.com/blog/ueficanhazb

Eclypsium | Supply Chain Security for the Modern Enterprise · UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware - Eclypsium | Supply Chain Security for the Modern EnterpriseSummary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead […]