Several popular Lenovo consumer models, including IdeaPad, Legion, and more, have been found to be vulnerable to UEFI firmware security bugs. The vulnerabilities can lead to privilege of escalation.
Security flaw RSS
Azure Defender for IoT had five security vulnerabilities that SentinelOne‘s SentinelLabs had discovered and proactively reported to Microsoft. Some of the flaws are rated "Critical" for severity.
Google has released Chrome v99.0.4844.84 to the Stable Channel. The update for the web browser is available for all desktop OSes and includes a security fix for a vulnerability rated 'High'.
An unofficial patch for a Windows LPE security vulnerability under "CVE-2021-34484" is out, one that was supposedly fixed by Microsoft via its Patch Tuesday updates twice, but apparently not.
Intel and ARM are vulnerable to the Spectre-BHB flaw, but AMD is apparently troubled by Spectre v2, which it should have fixed back in 2018. AMD has now issued a new fix for the CVE-2017-5715 bug.
A new CPU exploit based on the infamous Spectre v2 has been discovered. However, when the security patch is applied it can affect performance by up to 36%, that's according to a recent study.
Mozilla has released Firefox v97.0.2. It's an out-of-band security update to patch two "Critical" security flaws that are being exploited in the wild. These 0-Days rely on the 'Use-after-free' bug.
Linux is a lot safer than Windows, macOS, and others because open-source programmers are racing to fix security vulnerabilities in record time, claim security researchers at Google's Project Zero.
Google's Project Zero team has shared some interesting stats regarding its findings for the past couple of years today. Interestingly, it found the most security issues in Microsoft products.
Firmware security research firm Binarly has revealed that it discovered nearly two dozen vulnerabilities in InsydeH2O UEFI used by several vendors like Microsoft, Intel, Dell, HP, and more.
ESET has released updated builds for a whole bunch of its products on Windows. These updated product builds fix a local privilege escalation (LPE) vulnerability that the firm learned about last year.
An LPE security vulnerability under the ID CVE-2021-4034 was found by Linux security researchers at Qualys. The bug has been present for 12+ years and almost every major Linux distro is vulnerable.
A new Local Privilege Escalation bug affecting all prevalent versions of Windows OS has received unofficial patches from 0Patch after Microsoft refused to fix the NTLM authenticating protocol.
Microsoft had discovered a macOS security vulnerability inside the TCC that can allow an attacker to gain control over a Mac's various settings. A patch is already out via the macOS Monterey 12.1.
HP has issued a list of its printers that are vulnerable to a new "Critical" buffer overflow bug that can lead to exploitation. Fortunately, patched firmware for these models has also been released.
AMD has published a long list of security bugs and exploits that its Windows 10 graphics driver was susceptible to. Thankfully for Radeon GPU owners, these exploits have since been patched.
Intel has published an updated security advisory for a couple of new LPE bugs that were discovered. A lot of the newer CPUs, except Alder Lake, are vulnerable too. Firmware patches are rolling out.
Intel disabled DirectX 12 on its 4th Gen Core lineup dubbed Haswell via a graphics driver update. The company stated that this was done to mitigate a security bug that it found on these CPUs.
A WHQL-certified driver called "FiveSys" was detected by Bitdefender which was, in reality, a malicious rootkit. After learning about it, the driver's signature has since been removed by Microsoft.
The latest Edge and Chrome Stable Channel builds contain a fix for a critical User-After-Free memory flaw which could allow attackers to execute malicious code upon successful exploitation.
This last week saw the unveiling of a number of gaming-related Microsoft news, as well as the expected Windows 11 test builds, and even new security flaws. Be sure to catch up via our overview.
In the last seven days, we've seen the release of official Windows 11 ISOs, the discovery of another security flaw, and even a higher-res Xbox dashboard. Be sure to catch up via our handy overview.
According to a report, Microsoft's PrintNightmare security flaw is being exploited by a ransomware group called Vice Society. This group is apparently using an associated DLL to infect systems.
Microsoft has released today a new Print spooler service security vulnerability advisory under the ID CVE-2021-36958. As a temporary solution, the firm has asked users to disable the process.
A new eCh0raix ransomware variation has been infecting NAS devices since last year according to a report. The new variant can now attack both QNAP and Synology NAS systems simultaneously.
Google has decided to launch a new dedicated website that unifies the different VRPs and makes publishing bug reports and submissions easier. This is to celebrate 10 years of its VRP.
This week, we've seen the release of a new Windows 11 test build, the reveal of some future game releases, and the advent of the HiveNightmare security flaw. Be sure to catch up via our overview.

Microsoft provides workaround for HiveNightmare registry vulnerability that affects Windows 10 and 11
Microsoft has acknowledged the new HiveVulnerability flaw found recently in Windows 10 and 11 builds. The company is yet to patch the problem but has released a workaround for the vulnerability today.
This past week has seen PrintNightmare patches come out (and be contested), the arrival of new Insider builds, additional Game Pass games, and more. Be sure to catch up via our handy overview.
Project OneFuzz is an extensible fuzz testing framework for Azure. The new tool has been made available on GitHub under an MIT license, and will continue to be maintained and expanded.
Check Point Research uncovered a vulnerability on Alexa that could have exposed users' personal information. The flaw could have been triggered by clicking on a link to a page with malicious code.
Nintendo has updated its statement regarding a security breach back in April, saying 140,000 additional accounts may have been affected. These accounts have had their passwords reset.
'Thunderspy' affects devices Thunderbolt-enabled devices manufactured before 2019. Within five minutes, a locked and encrypted device can be hacked into, and then the data can be accessed.
Researchers discovered security flaws in the immensely popular social media application that would have allowed hackers to access users' personal data and manipulate the content on their accounts.
Government Payment Service, a U.S. company used by state and local governments for fine and bail payments, has reportedly compromised more than 14 million sensitive user records dating back to 2012.
In a major security oversight by Epic Games, Google identified a flaw in the Fortnite installer for Android allowing alternative APKs to be quietly installed with all requested permissions.
TeenSafe, a child monitoring app for Android and iOS, left its user information exposed in an unprotected Amazon server, revealing user information of both parents and kids, including passwords.
Two independent Israeli researchers have found a loophole with Microsoft's digital assistant- Cortana. The assistant can be used by anyone with malicious intent to bypass a locked PC.
In its quarterly earnings call for investors, the company vowed that it was working to fix the flaws in its chips, and vowed that its processors due out later this year will be vulnerability-free.
A newly discovered security flaw lets anyone gain full access to the Moto G5 Plus sold under Amazon's Prime Exclusive Phone program, by simply tapping on an advert on the lock screen.