Watch out: Lenovo Thinkpad UEFI vulnerability affects DELL, HP and other computers
Almost everyone who has ever used modern computers, has encountered viruses or trojans, small programs that can harm your computer or notebook. That's why most users install antiviruses on their systems, especially on windows based computers.
Recently, a critical vulnerability in the Lenovo thinkpad's UEFI (a newer version of BIOS) has been found by Dmytro Oleksiuk, also known as Cr4sh. The vulnerability allows a small rootkit inside the low-level firmware to be installed, that may disable every single security feature to get over the antivurus protection.
Dmytro Oleksiuk not only discovered the vulnerability, but also came up with the exploit that is available on GitHub called "ThinkPwn".
For now, the vulnerability requires a physical access to the computer, but we're afraid that it could be possible that someone developed the remote access version.
This exploit has been tested on the following computers:
- HP Pavillion DV7 4087CL
- Fujitsu Lifebook A574/H
- Gigabyte Mainboards Ivy-Bridge
- Lenovo ThinkPad
The hardware manufactures gave up on this issue, and didn't respond immediately. We're hoping that this vulnerability will be fixed with the new firmware updates.
Nowadays, getting an SSL certificate is becoming mandatory as its popularity is increasing every year. It is one of the best ways to secure your website and protect all the data transferred between your website and the end-user
There are more than 4 millions mail servers affected by the new vulnerability (CVE-2019-10149) RCE in Exim.
Windows Defender will also be able to run in a sandbox, meaning that it will be isolated from the rest of the system, increasing security in the event of potential attacks. Windows 10 users can already try the feature.
The Tor browser unmasks the user's IP address under certain circumstances - so surfing anonymously is out of the question.