Watch out: Lenovo ThinkPad UEFI vulnerability affects Dell, HP and other computers
Almost everyone who has ever used a modern computer has encountered viruses or trojans, small programs that can harm your computer or notebook. That's why most users install antivirus software on their systems, especially on Windows-based computers.
Recently, a critical vulnerability in the Lenovo ThinkPad's UEFI (a newer version of BIOS) was found by Dmytro Oleksiuk, also known as Cr4sh. The vulnerability allows a small rootkit to be installed inside the low-level firmware, where it may disable every single security feature and get past antivirus protection.
Dmytro Oleksiuk not only discovered the vulnerability, but also came up with an exploit, called "ThinkPwn", that is available on GitHub.
For now, the vulnerability requires physical access to the computer, but we're afraid that it may be possible for someone to develop a remote-access version.
This exploit has been tested on the following computers:
- HP Pavilion DV7 4087CL
- Fujitsu Lifebook A574/H
- Gigabyte Mainboards Ivy-Bridge
- Lenovo ThinkPad
The hardware manufacturers gave up on this issue and didn't respond immediately. We're hoping that this vulnerability will be fixed in new firmware updates.