Tag Archive for: lenovo

Your Lenovo Is Vulnerable to a New Malware Attack



Lenovo laptop users need to install critical security patches right away to fix several major vulnerabilities that leave their devices open to dangerous malware attacks.

Why are Lenovo laptops vulnerable?

According to a recent Lenovo security bulletin, there are multiple bugs present in the Unified Extensible Firmware Interface (UEFI) in over 100 of the manufacturer’s laptop models that hackers could use to write and install modified firmware with hidden malware, which in turn opens the device—and the data on it—to further exploitation. Given the nature of the bugs, it would be virtually impossible to find and remove the modified firmware or the hidden malware installed on an infected device.

How can a hacker exploit my Lenovo’s security?

While the UEFI vulnerabilities are serious, a hacker would need local administrator-level access to successfully exploit them, which is only possible with either physical access to an affected device or remote access through a virtual desktop program. Anyone with cursory cybersecurity knowledge will recognize the threat such bugs could pose to enterprise-level Lenovo users and corporations that let employees use work machines remotely, but according to the list of affected devices, the vulnerabilities only appear on consumer-level Lenovo laptops, where it’s far less likely for some random threat actor to achieve the necessary access.

As Ars Technica points out, there are only a few known instances of UEFI firmware hijackings: the infamous Trickbot malware; the “Lojax” malware written by Russian state hacker group Sednit; and a custom UEFI the cybersecurity firm Kaspersky discovered in 2018, though the only two targets were political figures from Asia.

So do I need to worry?

While these bugs are unlikely to be exploited in the wild, there’s still cause for concern for the average user. Hackers often dupe unsuspecting users into installing remote desktop software on their computers without realizing it, usually through phishing scams, fake ads, or modified download files. In some cases, hackers can even elevate their user privileges to install apps and firmware remotely—and the millions of unpatched Lenovo laptops…


Hackers can infect >100 Lenovo models with unremovable malware. Are you patched?



Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect.

Three vulnerabilities affecting more than 1 million laptops can give hackers the ability to modify a computer’s UEFI. Short for Unified Extensible Firmware Interface, the UEFI is the software that bridges a computer’s device firmware with its operating system. As the first piece of software to run when virtually any modern machine is turned on, it’s the initial link in the security chain. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and even harder to remove.

Oh, no

Two of the vulnerabilities—tracked as CVE-2021-3971 and CVE-2021-3972—reside in UEFI firmware drivers intended for use only during the manufacturing process of Lenovo consumer notebooks. Lenovo engineers inadvertently included the drivers in the production BIOS images without properly deactivating them. Hackers can exploit these buggy drivers to disable protections, including UEFI secure boot, BIOS control register bits, and protected range register, which are baked into the serial peripheral interface (SPI) and designed to prevent unauthorized changes to the firmware it runs.

After discovering and analyzing the vulnerabilities, researchers from security firm ESET found a third vulnerability, CVE-2021-3970. It allows hackers to run malicious firmware when a machine is put into system management mode, a high-privilege operating mode typically used by hardware manufacturers for low-level system management.

“Based on the description, those are all pretty ‘oh no’ sorts of attacks for sufficiently advanced attackers,” Trammel Hudson, a security researcher specializing in firmware hacks, told Ars. “Bypassing SPI flash permissions is pretty bad.”

He said the severity may be lessened by protections such as BootGuard, which is designed to prevent unauthorized people…


Lenovo Chromebook Flex 5 Review: The Flex 5 is a solid mid-range Chromebook for those on a tight budget – Notebooks

