New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models

The Hacker News Daily Updates How Enterprises Are Attacking the Cybersecurity Problem Report Cloud, supply chain, and endpoint security emerge as major focus areas Download Now Sponsored LATEST NEWS Nov 10, 2022 Researchers Uncover PyPI Package Hiding Malicious Code Behind Image File A malicious package discovered on the Python Package Index (PyPI) has been found employing a steganographic trick to conceal malicious code within image files. The package in question, named "apicolor," was uploaded to the Python third-party repository on October 31, 2022, and described as a "Core ... Read More Is Cybersecurity Awareness Month Anything More Than PR? Cybersecurity Awareness Month has been going on since 2004. This year, Cybersecurity Awareness Month urged the public, professionals, and industry partners to "see themselves in cyber" in the following ways:  The public, by taking action to stay safe online. Professionals, by joining the cyber ... Read More Top 10 Vulns Impacting Open Source in 2022 You might know all about the incredibly useful and insightful OWASP Top 10 list from 2021, but what about the exact CVEs that could be lurking in your applications? Check out Snyk Top 10 Open Source Vulnerability report to get up to date on 2022's most common ... Read More Citrix Issues Patches for Critical Flaw Affecting ADC and Gateway Products Citrix has released security updates to address a critical authentication bypass flaw in the application delivery controller (ADC) and Gateway products that could be exploited to take control of affected systems. Successful exploitation of the issues could enable an adversary to gain authorized ... Read More High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies Cybersecurity researchers have disclosed details of a new vulnerability in a system used across oil and gas organizations that could be exploited by an attacker to inject and execute arbitrary code. The vulnerability, tracked as CVE-2022-0902 (CVSS score: 8.1), is a path-traversal vulnerability in ... Read More Re-Focusing Cyber Insurance with Security Validation The rise in the costs of data breaches, ransomware, and other cyber attacks leads to rising cyber insurance premiums and more limited cyber insurance coverage. This cyber insurance situation increases risks for organizations struggling to find coverage or facing steep increases. Some Akin Gump ... Read More New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models PC maker Lenovo has addressed yet another set of three shortcomings in the Unified Extensible Firmware Interface (UEFI) firmware affecting several Yoga, IdeaPad, and ThinkBook devices. "The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. ... Read More APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network The Russia-linked APT29 nation-state actor has been found leveraging a "lesser-known" Windows feature called Credential Roaming following a successful phishing attack against an unnamed European diplomatic entity. "The diplomatic-centric targeting is consistent with Russian strategic priorities as ... Read More How Enterprises Are Attacking the Cybersecurity Problem Report Cloud, supply chain, and endpoint security emerge as major focus areas Download Now Sponsored This email was sent to myemailku.ghdbrevo2018@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India