Cybersecurity Updates For Week 16 of 2022

CVE-2021-3970, CVE-2021-3971, CVE-2021-3972: Lenovo UEFI Firmware Vulnerabilities

Security company ESET discovered 3 new vulnerabilities in the UEFI firmware of Lenovo laptops which affected hundreds of Lenovo models including Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops.

Read more:
https://securityonline.info/cve-2021-3970-lenovo-uefi-firmware-vulnerabilities/

Hackers Are Getting Caught Exploiting New Bugs More Than Ever

A pair of reports from Mandiant and Google found a spike in exploited zero-day vulnerabilities in 2021. The question is, why?

Read more:
https://www.wired.com/story/zero-day-exploits-vulnerabilities-google-mandiant/

Access Bypass, Data Overwrite Vulnerabilities Patched in Drupal

Drupal on Wednesday announced the release of security updates to resolve a couple of vulnerabilities that could lead to access bypass and data overwrite.

Read More:
https://www.securityweek.com/access-bypass-data-overwrite-vulnerabilities-patched-drupal

Other news worth mentioning:

Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
Denonia Malware Shows Evolving Cloud Threats
Oracle Releases 520 New Security Patches With April 2022 CPU
Emotet reestablishes itself at the top of the malware world

Reflections from Internetdagarna 2011

As we have previously mentioned on basefarm.se, we have been an exhibitor at the Swedish digital event Internetdagarna 2011 in Stockholm. It was our first visit to Internetdagarna, but probably not the last! We had many nice discussions in our booth and met several interesting contacts. Moreover, our sales team could be seen in some pictures at Binero’s blog on their photo tour, and they were also seen in the pictures from IT24.

Our sales team would like to share 2 stories from Internetdagarna:

1. Internet is becoming an increasingly important part of the community

Today, everything from banking, insurance, social interaction and media (newspapers, television, news) to archives of personal creations is on the Internet. But who really watches the Internet? That was the topic of one of Monday’s themes, “United Nations and The Governance of the Internet”. Should there be a UN for the Internet? Should NATO guard the Internet as well, and not only countries? To illustrate this, a story was told that NATO is threatened by “hacker groups” because they were investigating and were asked to stop doing so. Read more about this.

2. Amazon is not only a bookstore or a rainforest

Amazon Web Services had sent their technology evangelist Matt Wood (@mza on Twitter), who spoke about the development of “pay-as-you-go” for infrastructure. We really liked this part, especially as we (even though we are big in application management) see a player like AWS as a natural part of the delivery. If you can rent out 30 472 cores for a few hours, there is demonstrably capacity that impresses tech geeks like us.

For a visitor, there were a lot of exciting events. As an exhibitor, however, we would have liked a few more and longer pauses between the various speakers. That would have given more time to talk to the many exciting visitors who were there. As it was, it was a bit of speed-dating over the breaks.