Cybersecurity Starts in the Boardroom
This is not the first time Lenovo laptops have been found to have firmware issues – we do not specify Lenovo to our clients! New UEFI firmware flaws impact over 70 Lenovo laptop models (bleepingcomputer.com) Do you have a Lenovo laptop? If so then this post is for you. – …
Continue reading “More Lenovo Laptop firmware vulnerabilities”
It is that time again – among the fixes and patches from Microsoft, for July 2022 is one addressing CVE-2022-22047, Windows Elevation of Privilege Vulnerability – according to Microsoft a zero-day flaw that is being exploited by threat actors. For more details see Bleeping Computer’s excellent round-up of Patch Tuesday: …
We will start with the good news – the zero-day threat Follina/msdt.exe has been patched. Let’s hope that it really is the fix we all need! Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws (bleepingcomputer.com) There are other fixes in the update, for Excel, Edge, Microsoft networking etc …
Continue reading “Microsoft Patch Tuesday – Follina zero-day fixed”
The developers of the Chrome extension, Screencastify, used for capturing and sharing videos from websites, have fixed an issue where victim could have been spied on using the webcam in their device. Any recorded video could then have been stolen. Chrome extension Screencastify fixes webcam spy bug • The Register
If the patch is not effective or worse it breaks something else whilst fixing the vulnerability. This happened to Microsoft: Microsoft fixes Windows authentication woes • The Register But you still have to run those patches and updates as an unpatched system is a target for threat actors. Better to …
Continue reading “I love patches as part of a cyber security plan – but there is a problem!”
