Podcast: Managing an Out-Of-Control Security Tech Stack

This podcast is sponsored by Arctic Wolf. In this sponsored podcast, Threatpost podcast host Cody Hackett and Sam McLane, chief technology officer with Arctic Wolf, discuss important considerations when building a multi-layered cybersecurity strategy and best practices when evaluating security...

Lenovo XClarity Controller (XCC) Stored CSV Injection - US

Lenovo Security Advisory: LEN-29118 Potential Impact: Arbitrary Code Execution Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6187 Summary Description: A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller XCC that could allow an administrativ...

Lenovo XClarity Controller (XCC) Stored CSV Injection - Lenovo Support US

No description provided...

Secure Your Digital Transformation

Digital transformation DX is on the mind, IT budget sheet, and board meeting agenda for the majority of enterprise-level organizations. The term digital transformation is becoming ubiquitous, but its definition can be ambiguous. Within the context of this blog, DX refers to how organizations...

Zero Trust strategy—what good looks like

Zero Trust has managed to both inspire and confuse the cybersecurity industry at the same time. A significant reason for the confusion is that Zero Trust isn’t a specific technology, but a security strategy and arguably the first formal strategy, as I recently heard Dr. Chase Cunningham, Principa...

Lenovo Power Management Driver Vulnerability - Lenovo Support US

No description provided...

DLL Search Path and Symbolic Link Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-27431 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6173, CVE-2019-6196 Summary Description: DLL search path and symbolic link vulnerabilities could allow privilege escalation in some Lenovo...

DLL Search Path and Symbolic Link Vulnerabilities - Lenovo Support US

No description provided...

ST Microelectronics TPM Firmware ECDSA Signature Generation Vulnerability - Lenovo Support US

Lenovo Security Advisory: LEN-29406 Potential Impact: Information Disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-16863 Summary Description: ST Microelectronics has reported a vulnerability in the implementation of the Elliptic Digital Signature Algorithm ECDSA...

Lenovo System Interface Foundation Vulnerabilities - US

Lenovo Security Advisory: LEN-29198 Potential Impact: Lateral Arbitrary Code Execution Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6186, CVE-2019-6189 Summary Description: Potential vulnerabilities were reported in Lenovo System Interface Foundation versions before...

Lenovo System Interface Foundation Vulnerabilities - Lenovo Support US

No description provided...

Presentation Template: Build Your 2020 Security Plan

As the end of the year approaches, security decision makers are creating their 2020 plans and running them by management for approval. In most cases, this means requesting and making the case for the necessary resources that need to be allocated, while still providing value to the organization. T...

Missing HTTP Security Headers in NetApp OnCommand Workflow Automation - Lenovo Support US

No description provided...

Thinking about the balance between compliance and security

Today, many organizations still struggle to adhere to General Data Protection Regulation GDPR mandates even though this landmark regulation took effect nearly two years ago. A key learning for some: being compliant does not always mean you are secure. Shifting privacy regulations, combined with...

Multi-vendor BIOS Security Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-27714 Potential Impact: Escalation of Privilege, Denial of Service, Information Disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-0117, CVE-2019-0123, CVE-2019-0124, CVE-2019-0151, CVE-2019-0152, CVE-2019-0154, CVE-2019-0184,...

Intel Ethernet I218 Adapter Driver Vulnerability - US

Lenovo Security Advisory: LEN-28648 Potential Impact: Information Disclosure Severity: Low Scope of Impact: Industry-wide CVE Identifier: CVE-2019-11096 Summary Description: Intel reported a potential security vulnerability in the Intel Ethernet I218 Adapter driver may allow information disclosur...

Intel Ethernet I218 Adapter Driver Vulnerability - Lenovo Support US

No description provided...

Intel Software Guard Extensions (SGX) Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-29482 Potential Impact: Information Disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-14565, CVE-2019-14566 Summary Description: Intel reported a potential security vulnerability in certain libraries provided in the Intel SGX SDK may...

Intel Software Guard Extensions (SGX) Vulnerabilities - Lenovo Support US

No description provided...

Intel Ethernet 700 Series Controller Vulnerabilities - Lenovo Support US

Lenovo Security Advisory: LEN-27715 Potential Impact: Escalation of Privilege, Denial of Service, Information Disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2019-0139, CVE-2019-0140, CVE-2019-0142, CVE-2019-0143, CVE-2019-0145, CVE-2019-0146, CVE-2019-0147,...