Security News
Eclypsium said on Monday that, despite years of warnings from experts - and examples of rare in-the-wild attacks, such as the NSA's hard drive implant - devices continue to accept unsigned firmware. The infosec biz said a miscreant able to alter the firmware on a system - such as by intercepting or vandalizing firmware downloads, or meddling with a device using malware or as a rogue user - can do so to insert backdoors and spyware undetected, due to the lack of cryptographic checks and validations of the low-level software.
Eclypsium said on Monday that, despite years of warnings from experts - and examples of rare in-the-wild attacks, such as the NSA's hard drive implant - devices continue to accept unsigned firmware. The infosec biz said a miscreant able to alter the firmware on a system - such as by intercepting or vandalizing firmware downloads, or meddling with a device using malware or as a rogue user - can do so to insert backdoors and spyware undetected, due to the lack of cryptographic checks and validations of the low-level software.
TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found to lack secure firmware update mechanisms with proper code-signing. Eclypsium researchers analyzed a Lenovo ThinkPad X1 Carbon 6th Gen laptop, which contains two vulnerable firmware mechanisms: Touchpad firmware and TrackPoint firmware.
Pivot3, a leading provider of intelligent infrastructure solutions, announced that it is providing its hyperconverged infrastructure (HCI) software platform to Lenovo Datacenter Group (DCG) to...
Independent researchers found 125 different CVEs across 13 different router and NAS models.
As more people keep their smartphones for longer, the survey found that most companies are failing to update older versions.
Uninstall Solution Centre or your security could be gone in 300 seconds Not only has a vulnerability been found in Lenovo Solution Centre (LSC), but the laptop maker fiddled with end-of-life dates...
Solution Centre WONTFIX amid EOL date shenanigans Not only has a vulnerability been found in Lenovo Solution Centre (LSC), but the laptop maker fiddled with end-of-life dates to make it seem less...
Security researchers at Pen Test Partners have found a privilege escalation flaw in the much-maligned Lenovo Solution Center software.
The notebook maker is warning users of three separate vulnerabilities.