You’d like to think that brand new IT equipment is as malware resistant as possible. But, as Lenovo has discovered, this isn’t always the case.

In a highly embarrassing move for the company, Lenovo has had to issue an announcement that more than 100 of their laptop models are at risk of BIOS vulnerabilities. And remember, Lenovo ship a lot of computers; in the first quarter of 2022, Lenovo shipped 18.3 million units. Therefore, the impact of these vulnerabilities has the potential to be huge.

Sadly, it’s not the first time that Lenovo has found themselves in this situation. A number of rookie errors have been made in the past such as preloading laptops with spyware and the Lenovo rootkit fiasco. Some may argue that a company of this size will always have their mistakes magnified, but the risk posed by these mistakes is significant. Accordingly, it’s important to understand what this risk is and how you can protect yourself.

What is a BIOS Vulnerability?

Once you turn a PC on, the first program to run is BIOS (Basic Input/Output System); its primary use is to start your PC and facilitate the movement of data between an operating system and any devices attached to the system e.g. keyboard, mouse and hard drive. BIOS is a crucial element of getting your operating system up and running; without BIOS, your PC simply won’t work.

We now know what BIOS is, but what does a BIOS vulnerability consist of? Well, a vulnerability is any flaw or weakness in a piece of hardware or software which can give hackers a helping hand. So, for example, with BIOS, there could be an internal control which has been coded in a way that hackers can disable security controls e.g. bypassing security certificates in a piece of hardware. This makes vulnerabilities very dangerous, particularly when the only people aware of them are the hackers.

What Have Lenovo Shipped Their Laptops With?

In total, three vulnerabilities have been discovered on Lenovo’s affected laptops. Two relate to drivers which, despite only being necessary during the laptop manufacturing process, have not been deactivated before shipping. This has granted hackers the opportunity to exploit user privileges and take control of affected machines. The final vulnerability also gives hackers elevated user privileges but also includes local access to the machine.

How Can You Protect Your Lenovo Laptops?

To check if your Lenovo laptop is one of the affected models, you should immediately head to Lenovo’s security bulletin. This will list the full range of models at risk and, thankfully, links to a patched copy of the BIOS firmware. Installing this will render the vulnerabilities redundant and ensure your laptop is safe.

Final Thoughts

Designing a PC is complex and it’s almost impossible to eliminate every single problem. However, some problems have a higher capacity for disaster. While the type of vulnerability present in the affected laptops is rarely exploited in the wild, the potential for damage remains. As ever, security patches remain the best way forwards with vulnerabilities, so ensure these are always installed as soon as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The Russian invasion of Ukraine has created headlines around the world; one of the lesser-known stories to emerge has been the increase of cyber attacks.

Numerous aspects of life have changed since Ukraine was invaded by Russian forces at the end of February. Alongside the military attacks and breakdown in social infrastructure that Ukrainians have had to contend with, there have been consequences for those outside the region as well. Supply chains have broken down, the price of fuel has risen and there is widespread skepticism over global peace. And, with the internet being such an integral part of modern society, there has been a notable rise in the number of cyber attacks occurring.

An Escalation in Cyber Attacks

The ensuing chaos of a war being waged on European soil and the military might of Russia has created the perfect environment for cyber attacks to thrive. Not only has Russia been accused of using cyber attacks as part of their campaign against Ukraine, but hackers have turned the situation to their advantage by exploiting concerns over the conflict.

As early as February, Ukraine was experiencing significant attacks on its defense ministry and two major banks. These DDoS attacks were used to temporarily take down websites associated with the targets and cause panic and certainty in financial and government sectors. Within 48 hours of the conflict breaking out, it was reported that an increase of 800% in the number of cyber attacks originating in Russia had been observed. There has also been a notable increase in attacks against Ukraine from groups allying themselves with Russia, the Stormous hacking group, for example, announced that they intended to target Ukrainian organizations with ransomware.

Independent hackers have also taken advantage of the conflict to boost the emotional credentials of their campaigns. With emotions and sympathies running high across the world, hackers have exploited these concerns by using Ukraine as a key email subject to increase engagement. Spam email campaigns have also been modified to use the Ukraine conflict as emotive honeypot used to trick recipients into making donations to false organizations.

How to Prepare for Spillover Attacks

While most of these attacks have targeted organizations in Ukraine, it’s likely that these attacks will soon spillover into allies of Ukraine and, eventually, any PC on the planet. As such, it’s crucial that you remain on your guard and observe the following:

Any source of conflict has the potential to cause uncertainty in the digital landscape and, with the Russia/Ukraine conflict expected to be in place for some time, it’s vital that you protect your IT infrastructures. Not only will this maintain IT continuity, but it will provide support for organizations in Ukraine.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


A new strain of malware has been developed which allows threats to be delivered to an inaccessible area of a solid state drive (SSD).\

The attack in question is not currently active, but the possibility of this attack has been modeled and proved successful by a group of Korean security researchers. However, hackers are persistent and they have likely been investigating such an attack for some time – similar strategies have already been employed to hide malware on hard disk drives (HDD). And, thanks to the rapid rise of SSDs over the last decade, threats to their security are only going to become more common.Combatting threats that have stealth on their side is crucial for protecting your IT infrastructures, so you need to take this threat very seriously. Let’s take a look at why and how your SSDs are at risk.

How Does This New Attack Work?

The Korean researchers have found a specific vulnerability in the design of certain SSDs which makes hacking them that little bit easier. An SSD which employs flex capacity (a technique where storage devices adjust their space to enhance performance) is the main target of this latest threat. Such an SSD contains an area known as over-provisioning which is located in an inaccessible area of the SSD. This area takes up, depending on the current demand, between 7 – 25% of the SSD capacity. And this over-provisioning area is invisible to the PCs operating system.

Due to the invisible nature of this over-provisioning space, it cannot be reached by applications such anti-virus tools or user intervention. However, it’s possible to exploit the size of this ‘hidden’ area and enlarge it by manipulation through the SSD firmware manager. Not only does this allow a hacker to deposit malware here, but it gives them access to the over-provisioning space – where sensitive data may remain for several months. It’s this sophisticated attack method which makes it difficult to detect and even more difficult to remove.

What Should You Do If You Have an SSD?

It’s believed that the attack required to exploit the over-provisioning area is not currently active. But it remains a viable threat and it’s only a matter of time before a hacker formulates a successful strategy. The sophisticated nature of this exploit means that tackling such an attack is difficult for an average PC user to complete. Solving this vulnerability lies with the manufacturers of SSDs who need to rethink the design of their systems.

Ideally, real time monitoring of these hidden areas needs implementing, with a view to providing a ‘wipe’ option when the over-positioning capacity increases rapidly. Nonetheless, it remains good practice to install every update and patch which is released for your SSD. Software within the SSD software will regularly need updating and these could be used to strengthen the defense of your SSD. Therefore, prioritizing and automating updates remains important to protect your PCs.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Hackers are attracted to big, successful targets. And, online, you don’t get much bigger than e-commerce, so that’s where the NginRAT malware comes in.

The e-commerce industry is one of the most lucrative sectors online. Not surprisingly, hackers have been targeting this industry since the earliest online transactions took place. As the e-commerce landscape has provided such a long running target, hackers have developed their attack methods significantly in this niche. And this means that it’s getting harder and harder to protect against them. NginRAT is the latest development in this area, and it’s already launched attacks against e-commerce servers in the US, France and Germany.

The threat of NginRAT is very real and it’s one which demands your attention. Therefore, it’s important that you know what you’re dealing with and what you can do about it. And that’s why we’re going to take a closer look at it today.

What is the NginRAT Malware?

The name NginRAT may sound unusual, but the naming procedure employed here is relatively simple:

  • Ngin: This part of the name refers to the Nginx servers where NginRAT hides in order to avoid detection.
  • RAT: The second part of the NginRAT name stands for Remote Access Trojan. This means it is a malware strain which uses back door access to provide remote access to an infected machine.

NginRAT, itself, is actually delivered to victims through another piece of malware known as CronRAT. Once NginRAT has been deployed on a host server, it begins modifying the functionality of this host in order to hijack the Nginx application. This not only allows NginRAT to remain cloaked from security tools, but also lets it inject itself into Nginx web server use. From here, NginRAT is in a position where it can record user data. Now, as Nginx servers are typically used in e-commerce, this means that the hackers can steal sensitive data such as credit card details.

Can You Detect and Remove NginRAT?

The NginRAT is considered a sophisticated piece of malware and it’s unlikely that your average anti-malware tool is going to detect it. However, while it may be sophisticated, it’s far from unbeatable. Security researchers have discovered that it uses two specific variables to launch itself within Nginx servers: LD_PRELOAD and LD_L1BRARY_PATH. For the average PC user, identifying these variables will be beyond their scope. But an IT professional should be able to isolate these processes and begin a removal process.

Final Thoughts

If your organization is involved in the world of e-commerce, then it pays to be vigilant against malware such as NginRAT. The potential damage that a RAT can cause is immeasurable. Aside from the financial repercussions for yourselves and your customers, there is also the reputational damage to contend with. Unfortunately, tackling the NginRAT malware is far from easy. Investing in server monitoring services will not act as a comprehensive band-aid, but it will improve your chances of detecting any malicious activity. For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


A new zero-day exploit has been discovered which could easily disrupt the services of several major online platforms such as Twitter, Minecraft and Steam.

The vulnerability, which has been named Log4Shell, was recently discovered by LunaSec’s security researchers. It was first located within the Minecraft platform, which is operated by Microsoft, and has since been found in many other online services. The exploit was found in an open source logging utility known as Apache Log4j, an essential tool which is necessary in most Java-based apps and servers. It’s estimated that thousands of companies are likely to be at risk due to this vulnerability.

Vulnerabilities remain a major threat for every organization that employs an IT infrastructure, so we’re going to take a closer look at Log4Shell to see what lessons can be learned.

How Does the Log4Shell Vulnerability Work?

Log4Shell is known as a zero-day exploit and this means that it’s a natural vulnerability, likely due to an oversight on the original coders, which has been discovered but not yet patched. Hackers are determined individuals and are constantly focusing their efforts on analyzing software for vulnerabilities. Once a vulnerability is discovered, hackers can take advantage of it and, for example, gain unauthorized access to web servers. And, if like Apache Log4j, it’s a widely used utility, the hackers can replicate this attack against numerous organizations.

Web monitoring services have detected that around 100 hosts are actively scanning the internet to identify services which are running Apache Log4j. This scanning process is automated, so it can be left running continuously. Once platforms running Apache Log4j are identified, hackers have a relatively easy victim in their sights. All it would take is for the exploit to be taken advantage of and, very quickly, the hackers would be able to move deeper into the IT infrastructures of some major online businesses.

Protecting Yourself Against Vulnerabilities

Vulnerabilities such as Log4Shell are, unfortunately, inevitable due to the complexity of building software. Open source software, in particular, is difficult to police once it has been released and, of course, human error means nothing will ever be 100% secure. No specific damage has, as of this time of writing, been associated with the Log4Shell exploit, but the number of individuals at risk is very concerning. Thankfully, Apache have quickly developed a security patch for Log4j which will counter the vulnerability once it is installed.

The key takeaway from the Log4Shell vulnerability is that security patches are crucial. These need to be installed as soon as possible to mitigate any potential security breaches. However, there are other steps you can take minimize your risk:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More