Security News

Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident
2023-01-14 08:41

DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "Sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus software.

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection
2022-11-29 16:39

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "May allow changes to Secure Boot settings by creating NVRAM variables." Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers.

New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection
2022-11-29 16:39

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as an issue that "May allow changes to Secure Boot settings by creating NVRAM variables." Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers.

Linux Kernel 5.19.12 bug could damage Intel laptop displays
2022-10-06 15:07

Linux users have reported seeing weird white flashes and rapid blinking on their Intel laptop displays after upgrading to Linux kernel version 5.19.12, leading to warnings that the bug may damage displays. Besides being a visual annoyance, the unexpected screen flickering prevents users from doing anything on their systems, and Intel Linux kernel engineer Ville Syrjäl warns that it could also damage the display.

Laptop denial-of-service via music: the 1980s R&B song with a CVE!
2022-08-22 18:03

According to Chen, a major laptop maker of the day complained that Windows was prone to crashing when certain music was played through the laptop speaker. The crashes, it seems were not limited to the laptop playing the song, but could also be provoked on nearby laptops that were exposed to the "Vulnerability-triggering" music, and even on laptops from other vendors.

New UEFI firmware flaws impact over 70 Lenovo laptop models
2022-07-13 16:15

The UEFI firmware used in several laptops made by Lenovo is vulnerable to three buffer overflow vulnerabilities that could enable attackers to hijack the startup routine of Windows installations. Lenovo has issued a security advisory disclosing three medium severity vulnerabilities tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892.

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
2022-04-19 19:31

Three high-impact Unified Extensible Firmware Interface security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "Affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks," ESET researcher Martin Smolár said in a report published today.

ESET uncovers vulnerabilities in Lenovo laptops
2022-04-19 15:00

Got a Lenovo laptop? You might need to do a swift bit of patching judging by the latest set of vulnerabilities uncovered by security researchers at ESET. Three vulnerabilities were reported today: CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972."UEFI threats can be extremely stealthy and dangerous," said ESET researcher Martin Smolár, who discovered the vulnerabilities.

Lenovo UEFI firmware driver bugs affect over 100 laptop models
2022-04-19 13:01

Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface loaded on at least 100 of its laptop models. A total of three security issues were discovered, two of them allowing an attacker to disable the protection for the SPI flash memory chip where the UEFI firmware is stored and to turn off the UEFI Secure Boot feature, which ensures the system loads at boot time only code trusted by the Original Equipment Manufacturer.

Okta confirms support engineer's laptop was hacked in January
2022-03-22 22:52

Okta confirmed today they suffered a security incident in January this year when hackers gained access to the laptop of one of its support engineers that could initiate passwords resets fort customers. Results from the forensic investigation showed that the attacker had an opportunity window of five days, during which time the intruder had access to the laptop of an Okta support engineer that could initiate passwords resets fort customers.