Free Republic

PC giant Lenvo has launched an investigation with Intel to find out which of its suppliers introduced the recently-disclosed BIOS level "ThinkPwn" vulnerability that allows attackers to bypass hardware protections on the company's ThinkPad laptops and other computers. Researcher Dmytro Oleksiuk discovered a flaw that allowed arbitrary code execution using the Intel system management mode (SMM) feature in processors. The exploit is able to bypass the write protection in PCs' flash memory, and in turn disable the Unified Extensible Firmware Interface (UEFI) Secure Boot, and the Windows 10 Enterprise Credentials Guard security feature. Oleksiuk also found suspicious SMM code in...

Audiovisual devices made by AMX for government, education and business users contain a secret backdoor that allows full remote access without detection, security researchers have found. European security firm SEC Consult discovered the hidden backdoor account by analysing an operating system program for user management on the AMX Netlinx NX-1200 AV controller, which is sold in Australia. The binary contains a function named "setUpSubtleUserAccount", which adds a hidden user with administrative privileges, SEC Consult said. Both the account username and password are stored persistently on the AMX NX-1200, meaning if an attacker has this information, they can potentially log on...