Security Alerts & News
by Tymoteusz A. Góral

History
#1075 Scope of ThinkPwn UEFI zero-day expands
A serious hardware vulnerability, thought to be confined to UEFI drivers in Lenovo and HP laptops, has also been found in firmware running on motherboards sold by Gigabyte.

The flaw was publicly disclosed last week by researcher Dmytro Oleksiuk. No patches are yet available.

Oleksiuk said the flaw, which he calls ThinkPwn, is in the SystemSmmRuntimeRt UEFI driver, which he found on firmware in Lenovo ThinkPad laptops.

“Vulnerability is present in all of the ThinkPad series laptops, the oldest one that I have checked is X220 and the newest one is T450s (with latest firmware versions available at this moment),” Oleksiuk wrote on a Github entry. Oleksiuk published proof-of-concept exploit code for the vulnerability last week along with his disclosure.
Read more
#1078 Encryption bypass vulnerability impacts half of Android devices
#1077 TPLINK loses control of two device configuration domains
#1076 MRI software bugs could upend years of research
#1075 Scope of ThinkPwn UEFI zero-day expands
#1074 Android Nougat prevents ransomware from resetting device passwords
#1073 This Android malware has infected 85 million devices and makes its creators $300,000 a month
#1072 Identity fraud up by 57% as thieves target social media
#1071 Tor Privacy settings coming to Firefox
#1070 Satana ransomware – threat coming soon?
#1069 Don’t pay the Ransom! AVG releases six free decryption tools to retrieve your files
#1068 How to detect most malicious macros without an antivirus
#1067 MIT's Swarm chip architecture boosts multi-core CPUs
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12