Cybersecurity Updates For Week 16 of 2022

CVE-2021-3970, CVE-2021-3971, CVE-2021-3972: Lenovo UEFI Firmware Vulnerabilities

Security company ESET discovered 3 new vulnerabilities in the UEFI firmware of Lenovo laptops, which affected hundreds of Lenovo models, including Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops.

Read more:
https://securityonline.info/cve-2021-3970-lenovo-uefi-firmware-vulnerabilities/

Hackers Are Getting Caught Exploiting New Bugs More Than Ever

A pair of reports from Mandiant and Google found a spike in exploited zero-day vulnerabilities in 2021. The question is, why?

Read more:
https://www.wired.com/story/zero-day-exploits-vulnerabilities-google-mandiant/

Access Bypass, Data Overwrite Vulnerabilities Patched in Drupal

Drupal on Wednesday announced the release of security updates to resolve a couple of vulnerabilities that could lead to access bypass and data overwrite.

Read more:
https://www.securityweek.com/access-bypass-data-overwrite-vulnerabilities-patched-drupal

Other news worth mentioning:

Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
Denonia Malware Shows Evolving Cloud Threats
Oracle Releases 520 New Security Patches With April 2022 CPU
Emotet reestablishes itself at the top of the malware world