Tag: laptops

By Ravie Lakshmanan for The Hacker News

Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices.

Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two “affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo consumer notebooks,” ESET researcher Martin Smolár said in a report published today.

“Unfortunately, they were mistakenly included also in the production BIOS images without being properly deactivated,” Smolár added.

Successful exploitation of the flaws could permit an attacker to disable SPI flash protections or Secure Boot, effectively granting the adversary the ability to install persistent malware that can survive system reboots.


CVE-2021-3970, on the other hand, relates to a case of memory corruption in the System Management Mode (SMM) of the firmware, leading to the execution of malicious code with the highest privileges.

The three flaws were reported to the PC maker on October 11, 2021, following which patches were issued on April 12, 2022. A summary of the three flaws as described by Lenovo is below –

CVE-2021-3970 – A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-3971 – A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify the firmware protection region by modifying an NVRAM variable.
CVE-2021-3972 – A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

The weaknesses, which impact Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops, add to the disclosure of as many as 50 UEFI firmware vulnerabilities in Insyde Software’s InsydeH2O, HP, and Dell since the start of the year.

Included in the list are six severe flaws in HP’s firmware affecting laptops and desktops that, if successfully exploited, could allow attackers to locally escalate to SMM privileges and trigger a denial-of-service (DoS) condition.

“UEFI threats can be extremely stealthy and dangerous,” Smolár said. “They are executed early in the boot process, before transferring control to the operating system, which means that they can bypass almost all security measures and mitigations higher in the stack that could prevent their OS payloads from being executed.”

 

School robbed of laptops, groceries

By Molaole Montsho for IOL

Four men were arrested for allegedly stealing 18 laptops, a projector and groceries valued at R78 000 from a school in Bloemfontein on Tuesday.

Free State police spokesperson Brigadier Motantsi Makhele said the men, aged between 17 and 25, were arrested on Tuesday morning after police acted on an intelligence-driven operation around Ipopeng and Freedom Square.

“A principal from the local school in Olive Hill, Navalsig, received an alarm notification from school. Upon arrival at about 08.30, he realised that a window to the storeroom was broken. He discovered that 18 HP laptops, school feeding scheme groceries and a projector, all valued at R78 000, were stolen. A case of burglary was opened for investigation,” Makhele said.

The first suspect was apprehended in Ipopeng, where one laptop was recovered. Information led police to Freedom Square where 11 more laptops were recovered and three suspects arrested, Makhele said.

“Upon further investigation, police recovered three more laptops that were already sold to a second-hand goods dealer in town. Investigations are under way to recover the remaining laptops.”

The four are expected to appear in the Bloemfontein Magistrate’s Court soon facing charges of business burglary and the possession of suspected stolen property.

Free State provincial commissioner Lieutenant-General Baile Motswenyane advised residents to refrain from buying suspected stolen goods as they would also be charged. She encouraged second-hand goods dealers to request proof of ownership when they bought second-hand goods.

In the Eastern Cape, two men were arrested on Tuesday in connection with a house robbery in Gelvandale, police said.

Spokesperson Captain Sandra Janse van Rensburg said a woman was woken by a noise at 1am to find three men in her bedroom.

The suspects fled with a television set and her cellphone.

The woman woke up the other occupants in the house and, while they were waiting for the police to arrive, the suspects returned. As the police arrived on the scene, they were informed that the suspects had returned and a description of the suspects was provided to them.

The police received information that the men were hiding in a house in Gelvandale.

Two suspects were arrested and the stolen television set recovered.

The suspects, aged 19 and 20, were arrested on charges of house robbery and will appear in the Gelvandale Magistrate’s Court during the week.

 

There is no doubt that technology has changed the way we live – from smart fridges to cloud computing and the Internet of Things, technology permeates every aspect of our lives. It therefore makes sense that educational institutions are evolving to encompass technology in order to better prepare learners for the high-tech world waiting for them.

My Office News Ⓒ 2017 - Designed by A Collective

