When it comes to security, you like to think that your computers are at least the little bit safe from people who might want to cause you harm. We are reminded on a weekly basis that this may not be true as companies are hacked, accounts are sold online and software is hacked. The latest of these is a breach that sees Lenovo’s ThinkPads suffering from a zero-day firmware issue that could leave the laptops exposed to all kinds of security risks.
The zero-day exploit is courtesy of a privilege escalation flaw found within the Unified Extensible Firmware Interface (UEFI) driver. The exploit, titled ThinkPwn, was published by researcher Dmytro Oleksiuk and would allow hackers to execute code as if they were part of the System Management Mode (SMM). The SMM is typically reserved as a privileged operating mode for the CPU.
The flaw could be used to disable features such as Secure Boot, something that helps protect your computers against boot-level rootkits. According to Lenovo, the flaw was not in their unique version of the UEFI but rather in an implementation provided to the company. As a precaution, Lenovo has stated that they are now working with various companies to rule out any additional issues in the BIOS code provided to the company.
Electronic Arts (EA) announced today that its games were played for over 11 billion hours…
Steam's annual end-of-year recap, Steam Replay, provides fascinating insights into gamer habits by comparing individual…
GSC GameWorld released a major title update for STALKER 2 this seeking, bringing the game…
Without any formal announcement, Intel appears to have revealed its new Core 200H series processors…
Ubisoft is not having the best of times, but despite recent flops, the company still…
If you haven’t started playing STALKER 2: Heart of Chornobyl yet, now might be the…