
ESET Finds UEFI Vulnerabilities in More Than a Hundred Lenovo Laptop Models

Global security vendor ESET has found three UEFI vulnerabilities in the firmware of Lenovo laptops. The three flaws were discovered by researchers last year (2021) and reported to the manufacturer in October of that year. A great many laptop models carry them, including the Lenovo IdeaPad 3, Legion 5 Pro-16ACH6 H and Yoga Slim 9-14IYL05 series, and the number of affected users worldwide may run into the millions.

Two of the three (CVE-2021-3971 and CVE-2021-3972) allow an attacker to disable the protection mechanism for the SPI flash memory, which is where the UEFI firmware code is stored; the attacker can then run code during boot that was not signed by the original equipment manufacturer (OEM).

The third, CVE-2021-3970, allows a local attacker to escalate privileges and execute arbitrary code on the machine.

Lenovo has released new firmware that fixes all three vulnerabilities, and has also published on its website a list of every affected laptop model. ESET's security experts advise all users of Lenovo laptops to check immediately whether their product appears on that list and to update to the latest firmware at once, so that attackers cannot exploit these three known vulnerabilities.

ESET security products include a UEFI scanner that helps protect your computer.
>> Buy now: https://www.eset.tw/estore/zh/

Original source: https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/

About Version 2 Taiwan
Version 2 Taiwan (V2) is one of the most dynamic IT companies in Asia. It develops and distributes Internet, information technology, information security and multimedia products, including communication systems, and through an extensive network of points of sale, resellers and partners offers highly acclaimed products along with customized, localized professional services. Version 2 Taiwan (V2) sells in Hong Kong, China, Taiwan, Singapore, Macau and other regions; its customers span every industry, including Global 1000 multinationals, listed companies, public utilities, government departments, countless successful SMEs and consumer-market customers from cities across Asia.

About ESET
Founded in 1992, ESET is a global provider of computer security software for businesses and consumers. Its award-winning product, the NOD32 antivirus system, provides real-time protection for computer systems against known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 uses the fewest system resources and has the fastest detection speed, delivers the most effective protection, and has won more Virus Bulletin 100% awards than any other antivirus product. ESET has been named a Deloitte Technology Fast 500 company for five consecutive years, has an extensive partner network that includes internationally known companies such as Canon, Dell and Microsoft, has offices in Bratislava (Slovakia), Bristol (UK), Buenos Aires (Argentina), Prague (Czech Republic) and San Diego (USA), and is represented in more than 100 countries.

Keepit Receives Top Rated Award from TrustRadius Based on Customer Reviews

Keepit’s continued focus on delivering premium SaaS data protection services results in top ratings from customers

Copenhagen, Denmark  – May 11, 2022 –  Keepit, the market leader in cloud backup and recovery, and the world’s only independent, vendor-neutral cloud dedicated to SaaS data protection with a blockchain-verified solution, today announced that the company has received a Top Rated award from research and review platform TrustRadius.  

The award is based on the rating scores Keepit’s customers give the Keepit product and services. In addition to the scores, customers are able to elaborate on their ratings in detailed comments. The most praised characteristics of Keepit’s services on TrustRadius are: ease of use; the speed and granularity of recovery times; the return on investment and value for money; customer support; and the retention policies.  

“Buyers have many options when it comes to selecting SaaS Backup Software,” said Megan Headley, VP of Research at TrustRadius. “Keepit earned a Top Rated award based directly on feedback from its customers. Reviewers on TrustRadius highlight Keepit’s easy implementation, worry-free operation, and breadth of functionality.”

Keeping it simple pays off 

For Keepit, the award is a testament to the value of keeping a dedicated focus on the user experience – not just from a product interface perspective but also from all the services surrounding the product. Particularly, technical support and customer success management have been key areas of continuous improvement and refinement for the company, as well as transparency in the initial sales and onboarding processes. 

With a business strategy dedicated to the customer experience, the award is received with gratitude and pride:  

“For Keepit, this is one of the most valuable categories of awards we can receive,” says Keepit CEO Frederik Schouboe. “Our philosophy has always been to ‘keep it simple’ based on the understanding that a security solution will only work if it is properly implemented and incorporated in the day-to-day operations of an organization.  And that only happens if the solution is intuitive and efficient. An award based on customer praise which keeps repeating simplicity, ease of use, and ease of implementation as valued features is the ultimate stamp of approval for a company like Keepit.” 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Drawing on more than 20 years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

INCONTROLLER / Pipedream: State-Sponsored Attack Tools Targeting Multiple ICS Systems

Dangerous New Malware Can Shut Down, Sabotage Industrial Sites

Pipedream, or Incontroller, is a custom-made, modular ICS attack framework that could be leveraged to cause disruption, degradation, and possibly even destruction depending on targets and the environment.

Pipedream can manipulate a wide variety of PLCs and industrial software, including Omron and Schneider Electric controllers, and can attack ubiquitous industrial technologies including CODESYS, Modbus, and OPC UA.

The framework’s capabilities include performing system enumeration, issuing WMI commands, executing host-based commands, and manipulating the registry. It exploits the known-vulnerable ASRock-signed motherboard driver to execute malicious code in the Windows kernel (CVE-2020-15368).

The framework includes three tools that enable the attacker to send instructions to ICS devices using industrial network protocols:

  • The first tool has multiple capabilities, such as the ability to scan for and enumerate OPC UA servers, suggesting a reconnaissance role.
  • The second tool communicates with ICS devices using the Modbus protocol, which potentially gives it the ability to interact with devices from different manufacturers. However, the tool contains a specific module to interact with, scan, and attack Schneider Electric’s Modicon M251 PLC using Codesys.
  • The third tool is designed to obtain shell access to Omron PLCs. It primarily operates using the HTTP protocol, however it also utilizes Omron’s proprietary FINS over UDP protocol for scanning and device identification.

CISA’s alert on this threat also recommends using a tool such as SCADAfence

CISA’s Alert (AA22-103A) states “DOE, CISA, NSA, and the FBI recommend all organizations with ICS/SCADA devices implement the following proactive mitigations:

“Leverage a continuous OT monitoring solution to alert on malicious indicators and behaviors, watching internal systems and communications for known hostile actions and lateral movement. For enhanced network visibility to potentially identify abnormal traffic…”

SCADAfence has been on the forefront, defending organizations around the world from attacks on industrial control systems, both with our products, and as a managed service.

The Impact Of The INCONTROLLER / Pipedream Malware

The intent is to leverage the access to ICS systems to elevate privileges, move laterally within the networks, and sabotage mission-critical functions in liquified natural gas and electric power environments.
It has not yet been seen deployed in target networks.

How SCADAfence Detects INCONTROLLER / Pipedream

  • The SCADAfence Platform detects new connections, connections from external devices and from the Internet, and unauthorized connections to OT assets.
  • Furthermore, the Platform detects start, restart, and stop commands sent to PLCs in the network, as well as remote mode change commands which are needed steps to alter programs in PLCs.
  • The Platform additionally detects system enumeration scans and HTTP command execution.

Our Experts Recommend

  • Isolate ICS systems and networks from corporate and internet networks using strong perimeter controls, and limit any communications entering or leaving the perimeter.
  • Limit ICS systems’ network connections to allowed management and engineering workstations.
  • Enforce multi-factor authentication for all remote access to ICS networks and devices whenever possible.
  • Change all passwords to ICS devices, especially all default passwords, to unique, strong passwords.
  • Apply the latest security patches on the OT assets in the network.
  • Maintain offline backups for faster recovery upon a disruptive attack, and conduct hashing and integrity checks on firmware and controller configuration files to ensure validity of those backups.
  • Enforce principle of least privilege. Only use admin accounts when required for tasks, such as installing software updates. 
  • Monitor systems for loading of unusual drivers, especially for ASRock drivers if no ASRock driver is normally used on the system.
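The detection behaviour described above (write and restart commands sent to PLCs, enumeration scans) and the recommendation to limit PLC access to approved engineering workstations can be illustrated with a small Modbus/TCP analyser. This is an added example, not SCADAfence's or any vendor's code; the hosts, frames, allowlist and scan threshold are constructed assumptions.

```python
"""Modbus/TCP detection sketch (constructed example, not SCADAfence's or any
vendor's code). It flags write commands from hosts that are not approved
engineering workstations, restart commands sent to PLCs, and device
identification probes spread across several PLCs. All hosts, frames and
thresholds below are made up."""
import struct
from collections import defaultdict
from dataclasses import dataclass

# Function codes that change controller state (values from the public Modbus spec).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}
FC_DIAGNOSTICS = 8   # sub-function 0x0001 = Restart Communications Option
FC_DEVICE_ID = 43    # with MEI type 0x0E = Read Device Identification
SCAN_THRESHOLD = 3   # assumed: distinct PLCs probed by one source before we call it a scan


@dataclass
class ModbusRequest:
    src: str
    dst: str
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_tcp(src: str, dst: str, payload: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the PDU (function code + data) after it."""
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus/TCP")
    if length != len(payload) - 6:  # MBAP length covers unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return ModbusRequest(src, dst, tid, unit, payload[7], payload[8:])


def detect(requests, allowed_writers):
    """Return (rule, src, dst, detail) tuples. allowed_writers are the hosts
    permitted to write to PLCs, i.e. the approved engineering workstations."""
    alerts = []
    probed = defaultdict(set)  # source host -> PLCs it asked for device identification
    for r in requests:
        if r.function in WRITE_FUNCTIONS and r.src not in allowed_writers:
            alerts.append(("unauthorized_write", r.src, r.dst, WRITE_FUNCTIONS[r.function]))
        # Restart commands are flagged whatever the source: they precede program changes.
        if r.function == FC_DIAGNOSTICS and r.data[:2] == b"\x00\x01":
            alerts.append(("restart_command", r.src, r.dst, "Diagnostics: Restart Communications"))
        if r.function == FC_DEVICE_ID and r.data[:1] == b"\x0e":
            probed[r.src].add(r.dst)
    for src, targets in probed.items():
        if len(targets) >= SCAN_THRESHOLD:
            alerts.append(("enumeration_scan", src, ",".join(sorted(targets)), f"{len(targets)} PLCs"))
    return alerts


# Constructed sample traffic: (source host, destination PLC, raw Modbus/TCP payload).
ENGINEERING_WS = "10.0.1.10"
UNKNOWN_HOST = "10.0.9.77"
SAMPLE_FLOWS = [
    # engineering workstation reads 10 holding registers (FC 3): routine traffic
    (ENGINEERING_WS, "10.0.2.5", bytes.fromhex("00010000000601030000000a")),
    # unknown host asks three PLCs for device identification (FC 43 / MEI 14)
    (UNKNOWN_HOST, "10.0.2.5", bytes.fromhex("000200000005012b0e0100")),
    (UNKNOWN_HOST, "10.0.2.6", bytes.fromhex("000300000005012b0e0100")),
    (UNKNOWN_HOST, "10.0.2.7", bytes.fromhex("000400000005012b0e0100")),
    # unknown host writes one holding register (FC 16) on a PLC
    (UNKNOWN_HOST, "10.0.2.5", bytes.fromhex("0005000000090110001000010200ff")),
    # engineering workstation issues Diagnostics sub-function 1 (restart communications)
    (ENGINEERING_WS, "10.0.2.5", bytes.fromhex("000600000006010800010000")),
]


def run_sample():
    """Parse the constructed flows and run detection with only the workstation allowed to write."""
    parsed = [parse_modbus_tcp(s, d, p) for s, d, p in SAMPLE_FLOWS]
    return detect(parsed, allowed_writers={ENGINEERING_WS})


if __name__ == "__main__":
    for rule, src, dst, detail in run_sample():
        print(f"[{rule}] {src} -> {dst}: {detail}")
```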

Since the DOE, CISA, NSA, and the FBI recommend all organizations with ICS/SCADA devices to work with a continuous network monitoring solution going forward, let our experts help you keep your networks & industrial devices secure.


Data Protection: Everything You Need to Know About Your Data and Why to Protect It

Do you know where all your company’s data is and how it flows through your operations and processes? Company data flows on both official and unofficial channels, such as email, cloud, printers, instant messaging, etc. If employees don’t treat data with the proper care, it can very easily be lost. Read more about data protection – why it is important and how to do it best. 

How companies produce data

Business data is any information that is relevant for running a company. There are two types of data – input data and output data. Input data is provided by the users, and computers provide output data.

Companies gather data from various sources and channels, and they do so via different software or AI. More sophisticated tools are used for Big Data processing.

Examples of data that companies usually have:

  • Financial information
  • Company strategic information (long-term vision, business objectives, staff development, equality and diversity, etc.)
  • Business and sales forecasts
  • Customer information
  • Personal data
  • Website traffic statistics
  • Campaign details (social media, emailing, etc.)
  • Sales results
  • Warehouse and inventory data
  • HR data (employee information, salaries, interactions between teams, etc.)
  • Customer and partner information from CRM systems
  • Source code
  • Blueprint and designs

What is data flow

Data flow is the movement of your company’s data throughout your systems. Data can flow via both software and hardware and can be changed during the process of moving.

Different employees and teams have access to the data at specific points in the data flow. They can change data, provide data to other departments or vendors, or even delete data.

Data can leak at any moment, and every stage of the data flow can be risky in terms of data protection.

Where companies store their data

In the past, company data was stored on paper – in files and folders in offices and archives. During the process of digitization, all data was moved to digital formats. Data can be found and moved via the following channels (both official and unofficial):

  • File sharing websites and social media (WeTransfer, Twitter, Facebook, Send Anywhere)
  • Email (Webmail, POP3 / IMAP, SMTP)
  • Internet (HTTP, HTTPS, FTP, FTPS, P2P)
  • Cloud (OneDrive, Dropbox, Google Drive, Box, SharePoint)
  • Microsoft 365 (Exchange Online, SharePoint Online)
  • Instant messaging (Teams, Skype, Slack)
  • Removable storage (USB, Memory cards, External drives, Optical discs)
  • Media (CD, DVD, Blu-ray, Printers)
  • Connections (Bluetooth, FireWire)
  • Operations (Copy and Paste, Drag and Drop, Screen capture)


Why you should protect data

Insiders don’t treat data with care

Insider threats are on the rise due to trends in digital workspaces, flexible and remote work, and agile and BYOD approaches. The overall number of incidents has increased by 44 percent in the last two years. Most of these threats are unintentional – 56% were caused by negligent insiders, whereas 26% were malicious.

Read more about insider threats here.


Data ends up in a competitor’s hands

Data has great value for companies and can easily generate another revenue stream. There are even companies whose business is based on data generation. So, employees might be motivated to steal a company’s data and sell it to competitors or other companies.


Reputation risks for a company

When a data breach occurs, a company’s reputation is at risk. Negative media coverage can lower the number of customers, and hence lower profit.

According to the US National Cyber Security Alliance, about 60 percent of small businesses close within six months of a major data leak and 85% of companies experience a data breach.

Data breaches caused by insiders are very costly

The costs of breaches can be enormous. The overall costs of an insider threat incident have increased from $11.45 million in 2020 to $15.4 million in 2021. The longer it takes to detect an internal threat, the higher the costs. On average, it takes nearly three months (85 days) to contain an insider threat incident. Incidents that took more than 90 days to discover cost companies $17.19 million, whereas the average cost of incidents discovered in less than 30 days was $11.23 million.


Regulatory compliance and GDPR

In the event of a data breach legal authorities may impose fines. The strictest regulation is GDPR. Companies that violate GDPR can expect the following fines:

  • The lower level is up to 10 million euros, or 2% of the worldwide annual revenue from the previous year, depending on which is higher.
  • The upper level is up to 20 million euros, or 4% of the worldwide total revenue from the previous fiscal year, depending on which is higher.

Read more about GDPR in this article.


How companies lose their data

As stated above, the majority of insider threats are unintentional and occur for various reasons, such as hybrid modes of working, or BYOD approaches. Insider threats can also happen because employees are tired, work under stress, or are not aware of the security processes and importance of data security.

Let’s have a look at a few real-life situations that will show you how insider threats are a part of daily business operations.

James is rushing to kindergarten

James needs to pick up his child and doesn’t have enough time to update the customer database for the next day’s emailing. He might be able to do it from home, but according to the company’s policies, it is not possible to log in without a VPN. And he has just bought a new laptop but hasn’t set up the VPN yet.

Meanwhile his child is crying, and the teacher is calling James to see if he’s on his way. He is in a rush, so he copies the Excel sheet and uploads it to his personal Google Drive and decides to do his work at home in the evening. But his Google Drive is full of photos from his vacation and there’s not enough free space to upload the Excel sheet. So James uploads it to WeTransfer. With no encryption and no password.

Laura was interrupted by a colleague while sending out an email

Laura is working on an important email with financial documents for her company’s CFO, when suddenly her phone rings. It’s her colleague with an important issue that needs to be resolved right away. Laura is on the phone with her colleague when selecting a recipient’s email address. She is under pressure and therefore instead of the CFO’s name, she chooses the client’s email address from the suggestion.

Charlie doesn’t enjoy his job anymore

Charlie has issues with his manager and decides to find a new job. He is talented and has already received an offer from a competitor. Charlie knows that his company’s client database will be helpful in his new job and decides to take it with him. He thinks it’s risky to send it via email, so he uploads a few screenshots and database exports to his USB drive.


As you can see from the examples, insider threats mostly don’t have malicious intentions, however, the consequences might be as harmful to a company as a malicious act would be.

Whose hands your data might end up in

  • Hackers/ransomware groups might blackmail you, threatening to publish the data unless you pay them.
  • Competition would be one step ahead of you in case they get access to your customers’ data, business plans, or know-how.
  • Contractors would be negotiating lower prices because they would be aware of your conditions, calculations, and margin.

How to protect your company’s data

No matter how many channels your company uses, there are a few universal ways of protecting your data.

  • Perform a data audit and find all your sensitive data. It is good to know what type of data your company operates with, where the data is stored and who has access to work with it or can change it.
  • Implement policies that specify how sensitive data can be handled and who can access it and for which purposes. Make sure your policies are easy to understand.
  • Educate your employees and explain to them the importance of data security. They should be aware of what type of data your company operates with and what are the consequences of misusing it.
  • Encrypt your data and make sure that even if you lose your flash drive or phone your data will remain safe.

A few more data security tips:

  • File sharing websites, social media and instant messaging – Block upload of the data, or notify employees about risky operation
  • Email – Restrict sending data to unknown external email addresses, notify employees about potential breach
  • Internet, cloud, O365 – Restrict uploading data to unofficial channels outside the company or notify employees
  • Printers – Check what type of documents your employees print based on contextual information and discover potential data breaches; restrict printing specific sensitive documents

How Safetica protects your data

Monitors your data flow

Safetica offers features to track and protect various data flow channels your company uses. Safetica checks your company’s outgoing communication channels and gives you an overview of how data travels in your company. Once you know your data flows you can set security measures. Notify your users about risky behavior or block dangerous file sharing actions.


Helps you to be compliant with regulations

Safetica helps you to monitor the data flow within your IT environment as well as when it leaves the perimeter of your company. You can set specific rules that help you to comply with GDPR or other data protection regulation. You will be able to see how employees work with personal and other sensitive data, and it allows you to eliminate the risk of misuse or accidental policy violation. The system notifies you in real-time in the event of a security threat.


Encrypts your data

Safetica gives you the option to manage encryption of USB devices and disks using BitLocker. The solution takes care of security key management and recovery.


Protect your data against insider threats

Safetica checks users’ behavior and notifies you when it finds anomalies. If a user suddenly starts sending larger amounts of data at night or works with different types of data than usual, there is a potential incident: the system notifies you, and you can take appropriate action.

Safetica notifies employees about risky operations, hence educating them about data security. It is important to trust your employees, however, let’s not forget we are all people, and people make mistakes. Safetica mitigates these risks, and you can go to sleep in peace knowing that data, people, and your company are protected.


About Safetica
Safetica aims to provide small and mid-sized companies with the same quality of data protection that corporations have – affordably, and without any additional IT administration or disruption to operations.

The Truth About MAC Spoofing

The threat behind MAC spoofing

When implementing any insurance policy, you need to start with estimating the level of risk, the probability of that risk, and the potential damage should that risk become a reality.

One of the network risks that is often presented to demonstrate the ineffectiveness of 802.1x solutions is the ease of bypassing modern network access control (NAC) by using MAC spoofing. Usually, this involves spoofing the network printer or other vulnerable device.

Now, let’s put aside the fact that network printers today can support certificate or credential-based authentication, and that certain products have remedies against such attempts even when the authentication is based on MAC.

Let’s consider: is MAC spoofing a legitimate threat or an exaggerated, manageable flaw?

But before I try to analyze this risk, I want to point out the biggest advantage a NAC solution can give an organization to cope with modern cyber security threats: the ability to apply dynamic segmentation based on device type or identity.

Without going into too much detail, NAC is one of the only systems that can help you prevent lateral movement, indirectly allowing you to identify breaches and directly helping you to prevent the compromise of your crown jewels.

The threat landscape

Here are some of the most common adversaries when it comes to MAC spoofing:

  • The employee – a disgruntled current or former employee
  • The guest – a contractor, customer, patient, etc. who physically visits your organization for a period of time
  • The hacker – a malicious person trying to attack your network and steal information, causing harm to your organization

And here are the most common attack surfaces:

  • Wifi
  • Wired, ethernet switches

One caveat: most wifi environments contain managed devices. So, for devices that do not have an 802.1x supplicant, and thus do not support certificate- or credential-based authentication, it is easy to set up an isolated segment and significantly lower the risk of attack.

As such, we’ll put our focus on examining wired environments, and how they’re vulnerable to the above adversaries.

Adversaries in-depth

Let’s be clear – MAC spoofing requires some technical knowledge to execute, which the non-technical lay person typically does not possess. Those doing it know what they’re doing, and they know it’s wrong.

With that said, it’s important to point out that a lot of damage is caused by the unintended – i.e. people clicking on a link in an email, deleting the wrong record or file, or even dropping a laptop into a pool.

The employee

Employees should be trustworthy. If they’re not, cyber security is likely not your problem. But, when someone is fired, laid off, or even just mistreated at work, there always exists the potential for them to hold a grudge. It’s human nature.

Disgruntled employees can pose a big risk. If an employee still works for an organization and he/she is determined to do damage, that’s a problem that’s nearly impossible to prevent. The network connection alone is not going to stop him/her from stealing data or worse. This individual likely already has access through other corporate devices and the credentials to access whatever data he/she wants.

At the end of the day, however, this individual’s risk of MAC spoofing can be categorized as “very low”, with “low” probability and “low” potential for damage. The reason is that the potential damage done is not necessarily related to the network connection. The first line of defense against disgruntled current or former employees is physical barriers – i.e. locked doors and other physical security.

The guest

A guest visiting your office might want to connect to your network. Most likely, this guest will not go to great lengths to hack your network if they are initially blocked. By supplying a guest network, such as a guest wifi, you will effectively eliminate that risk altogether. Thus, like the employee, this individual’s risk of MAC spoofing can be categorized as “very low” for both probability and damage.

The hacker

A hacker will need physical access to your network in order to do his/her job. Today, spearhead attacks can enable hackers to access your networks from afar. Doing so, however, typically requires some sort of motive.

This motivation is often dependent upon the type of business you operate. If you’re in military and defense, for example, you likely have a higher than average risk of being the target of such an attack. The same goes for banking and financial services, healthcare and any other industry with highly sensitive and confidential data.

For most organizations, the threat of physical access hacking is typically low, while the potential for damage could be high. Should a retailer fear physical burglary just because a new device has connected to its network? I think not.

In conclusion

For most organizations, the risk of MAC spoofing is almost non-existent. This is usually fairly easy for an auditor to demonstrate, and would appear as part of a comprehensive security report. So in reality, the perception of the threat is that it’s a much larger problem than it actually is.

You can also prevent MAC spoofing by implementing stronger authentication methods that are fairly common today. One of the major roles of NAC is to provide secure authentication and authorization to the network. Thus, even if authentication is somehow breached, authorization serves as a second layer of defense that can limit access by placing individuals who pose a potential risk in a specific “narrow” segment.

The segmentation of specific types of MAC-based devices is a best practice in NAC. Even if spoofing occurs, such a device won’t be able to access a particularly sensitive VLAN, such as those in Finance or HR, if proper segmentation has been established through your network security policies.


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.