Lenovo Secure Boot Bypass 💻, Project Zero Speeds Up Disclosures ⏱️, OWASP AI Guide 🤖

Together With 1Password

TLDR Information Security 2025-07-31

How to minimize security risks when acquiring businesses (Sponsor)

M&A deals move fast, but security can't be an afterthought. In this on-demand webinar, security leaders with experience handling over 30 M&As share insights on what every acquirer needs to know to protect their organization before and after the deal closes.

You'll learn:

  • What to evaluate during due diligence and which risks matter most
  • Ways to bring fragmented access and security policies into alignment
  • The role insider threats play in newly combined teams
  • Steps to make compliance easier across distributed business units

Watch the webinar now.

🔓 Attacks & Vulnerabilities

New Lenovo UEFI Firmware Updates Fix Secure Boot Bypass Flaws (2 minute read)

Lenovo is warning users about new high-severity BIOS flaws that could allow attackers to bypass Secure Boot on some IdeaCentre AIO and Yoga AIO models. The vulnerabilities may enable local attackers to execute arbitrary code in System Management Mode (SMM), a CPU mode that operates independently from the OS and hypervisor, allowing them to plant "undetectable" malware that bypasses OS-level defenses.

Hackers Actively Exploit Critical RCE in WordPress Alone Theme (2 minute read)

WordPress security firm Wordfence has reported an actively exploited, critical unauthenticated arbitrary file upload vulnerability in the premium WordPress theme 'Alone.' The vulnerability stems from the theme's `alone_import_pack_install_plugin()` function, which lacks nonce checks, is exposed via a `wp_ajax_nopriv_` hook (reachable by unauthenticated visitors), and permits plugin installation via AJAX. Attackers exploit the flaw by sending a POST request with a remote source URL pointing to an attacker-controlled file containing webshells or other payloads.
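As an added illustration (not the Alone theme's code or Wordfence's write-up), the snippet below contrasts the weak pattern the advisory describes, an installer handler registered on the unauthenticated `wp_ajax_nopriv_` hook with no nonce or capability check, against a hardened handler; the `example_*` action and function names are hypothetical.

```php
<?php
// Added example, not code from the Alone theme. All example_* names are hypothetical.
require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
require_once ABSPATH . 'wp-admin/includes/plugin-install.php';

// WEAK PATTERN: reachable by anonymous visitors (wp_ajax_nopriv_*), no nonce,
// no capability check, and the install source is a caller-supplied URL.
add_action( 'wp_ajax_nopriv_example_install_plugin', 'example_install_plugin_weak' );
add_action( 'wp_ajax_example_install_plugin', 'example_install_plugin_weak' );
function example_install_plugin_weak() {
    $source   = isset( $_POST['plugin_url'] ) ? $_POST['plugin_url'] : '';
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $upgrader->install( $source ); // downloads and unpacks whatever the URL serves
    wp_send_json_success();
}

// HARDENED PATTERN: authenticated hook only, nonce verified, capability required,
// and the plugin is resolved from an allow-list of slugs via the WordPress.org API
// instead of an attacker-controlled URL. The page issuing the request must embed
// wp_create_nonce( 'example_install_plugin' ) as the "nonce" POST field.
add_action( 'wp_ajax_example_install_plugin_secure', 'example_install_plugin_secure' );
function example_install_plugin_secure() {
    check_ajax_referer( 'example_install_plugin', 'nonce' ); // dies on a bad/missing nonce
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    $allowed = array( 'classic-editor', 'contact-form-7' ); // constructed allow-list
    $slug    = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( 'plugin not permitted', 400 );
    }
    $api = plugins_api( 'plugin_information', array( 'slug' => $slug ) );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( $api->get_error_message(), 502 );
    }
    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) || ! $result ) {
        wp_send_json_error( 'install failed', 500 );
    }
    wp_send_json_success( array( 'installed' => $slug ) );
}
```

When auditing a theme or plugin, the quickest check is to grep for `wp_ajax_nopriv_` registrations and confirm that each handler either needs no privileges at all or is a mistake; installers, importers and file writers never belong on that hook.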

Ransomware Gang Sets Deadline to Leak 3.5 TB of Ingram Micro Data (2 minute read)

The SafePay ransomware group is threatening to leak 3.5TB of Ingram Micro data on August 1, nearly a month after the attack. Although Ingram Micro claimed containment and restored operations by July 9, the company's appearance on SafePay's leak site suggests that no ransom was paid.

🧠 Strategies & Tactics

Cost of a Data Breach Report 2025 (20 minute read)

IBM's 2025 breach report shows that global breach costs fell to $4.44 million while US breach costs reached a record high of $10.22 million. AI is emerging as both an attack vector and a defense mechanism, with 13% of breaches involving AI models due to inadequate access controls. Phishing has overtaken stolen credentials as the most common initial attack vector.

DreamWalkers (8 minute read)

Reflectively loading modules is a technique to hide malware payloads injected via shellcode. Traditionally, the call stack cannot be convincingly spoofed due to missing unwind information. This post introduces a technique called DreamWalkers, which parses the PE structure to register unwind information via `RtlAddFunctionTable`, creating clean and convincing call stacks.

🧑‍💻 Launches & Tools

MSP security headaches? Duo has the cure. (Sponsor)

Looking to meet rising expectations? Unlock the next level of MSP efficiency with Duo's Smarter Security Toolkit for MSPs.

Inside, you'll learn how to:
✔️ Automate security hygiene & updates
✔️ Integrate effortlessly with your existing tech stack
✔️ Slash helpdesk tickets with self-service tools

Get the Toolkit

shade (GitHub Repo)

shade is a system for detecting shadow SaaS and securely recording the credentials involved. It consists of a browser extension that reports SaaS logins to a backend server, enabling security teams to monitor and manage shadow SaaS.

SockTail (GitHub Repo)

SockTail is a lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy.

Prophet AI (Product Launch)

Prophet AI for Security Operations filters incoming alerts and, for each one, gathers, correlates, and analyzes data from multiple sources to provide a decision and a detailed investigation summary.

🎁 Miscellaneous

Google Project Zero to Publicly Announce Bugs Within a Week of Reporting Them (2 minute read)

Google's Project Zero vulnerability research team has announced that it will publicly disclose the fact that it has found a vulnerability within a week of notifying the vendor. This breaks from the longstanding norm of waiting 90 days for a fix and an additional 30 days post-patch before publishing technical details. Project Zero emphasized that it won't release technical details early, only broad information to help downstream dependents prepare for patching.

CyberArk Acquired By Palo Alto Networks for $25 Billion: More Details on the Deal, Expanded Offering (5 minute read)

Palo Alto Networks has acquired identity security firm CyberArk for $25 billion to build a next-generation AI-driven security platform. Despite CyberArk's strong 43% revenue growth, Palo Alto's stock dropped 5% as analysts questioned the defensive timing of the large-scale acquisition.

Quick Links

Unlock the next level of MSP efficiency (Sponsor)

Meet rising expectations and unlock the next level of MSP efficiency with Duo's Smarter Security Toolkit for MSPs.

Get the Toolkit

Turning Incident Response Challenges Into Scalable Solutions (7 minute read)

Hunt & Hackett uses a cloud-based incident response lab to handle large-scale investigations.

Securing Agentic Applications Guide (PDF)

OWASP has released comprehensive guidance offering concrete technical recommendations for builders and developers of agentic AI systems.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here or send a friend's resume to jobs@tldr.tech and get $1k if we hire them!

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe.
