Security Alerts & News
by Tymoteusz A. Góral

#1066 Lenovo scrambling to get a fix for BIOS vulnerability
Lenovo, and possibly other PC vendors, is exposed to a UEFI bug that can be exploited to disable firmware write-protection.

If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.”

The reason Oleksiuk believes other vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code.
Read more
#1066 Lenovo scrambling to get a fix for BIOS vulnerability
#1065 A Chinese ad firm is using malware to get more clicks
#1064 Espionage toolkit targeting central and eastern Europe uncovered
#1063 Google Project Zero: A year of Windows kernel font fuzzing #2: the techniques
#1062 How China took center stage in Bitcoin’s civil war
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12