- Jul 19, 2022

Firmware vulnerabilities, this time Lenovo

Lenovo released patches for vulnerabilities in its firmware that potentially allow attackers to install malware "underneath" the operating system. This means ensuring the persistence (automatic launch) of malware beyond the detection capabilities of antimalware or EDR tools at the operating system level.

The vulnerabilities affect the UEFI firmware running a number of Lenovo laptop models, including the Yoga, ThinkBook, and IdeaPad - labeled as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892.

The problem with these and similar vulnerabilities is that firmware is usually not covered by automatic patching policies like other elements of operating systems, and its upgrades usually require manual intervention on the employee's computer or laptop.

Read more about latest Lenovo firmware vulerabilities.

Moscow OT Infrastructure Breached: the Lessons

Here we go again: A Public-Facing Vulnerability in Palo Alto Networks Firewalls

Supply chain attack against open source?

Ransomware accelerates the move to cloud services? The British Library case

The latest SEC cybersecurity incident disclosures - what's the result so far?

UnitedHealth ransomware attack - what's behind it?

Business Email Compromise (BEC), more costly than ransomware?

Latest Exchange vulnerability not serious, but a warning for customers

The Ivanti Blunder - Consider the Risks

Another Vulnerability, Another Scramble for Patching - This Time Fortinet