Author Archives: Lucian Constantin

Lenovo advises users to remove a vulnerable support tool preinstalled on their systems

PC maker Lenovo is recommending that users remove an application preloaded on their computers because it contains a high-severity flaw that could allow attackers to take over their systems. The vulnerable tool is called Lenovo Accelerator Application and is designed to speed up the launch of other Lenovo applications. It was preinstalled on more than 100 laptop and desktop models shipped with Windows 10, but not those from the ThinkPad and ThinkStation lines.

The flaw was discovered by researchers from security firm Duo Security as part of an analysis of OEM software update tools from five PC manufacturers. The company found that a process called LiveAgent, apparently the update component of the Lenovo Accelerator Application, does not use encrypted connections when checking for and downloading updates. LiveAgent also does not validate the digital signatures of the downloaded files before running them, the researchers said.

Cost of a Windows zero-day exploit? This one goes for $90,000

Ever wonder how much an exploit for a previously unknown vulnerability that affects all Windows versions costs on the black market? The answer, according to a recent offer seen on a cybercrime forum, is $90,000.

The offer was observed by researchers from security firm Trustwave on an underground market for Russian-speaking cybercriminals, where users hire malware coders, lease exploit kits, buy access to compromised websites or rent botnets.

Zero-day exploits -- exploits for unpatched vulnerabilities -- are typically used for cyberespionage. Hackers sell them to governments and large corporations, under strict non-disclosure agreements, often through specialized brokers, so it's uncommon to see them traded on cybercrime forums.

OEM software update tools preloaded on PCs are a security mess

Serious vulnerabilities have crept into the software tools that PC manufacturers preload on Windows computers, but the full extent of the problem is much worse than previously thought.

Researchers from security firm Duo Security have tested the software updaters that come installed by default on laptops from five PC OEMs (original equipment manufacturers) -- Acer, ASUSTeK Computer, Lenovo, Dell and HP -- and all of them had at least one serious vulnerability. The flaws could have allowed attackers to remotely execute code with system privileges, leading to a full system compromise.

In most cases, the problems resulted from the OEM software updaters not using encrypted HTTPS connections when checking for or downloading updates. In addition, some updaters didn't verify that the downloaded files were digitally signed by the OEM before executing them.

65 million Tumblr account records are up for sale on the underground market

A few weeks ago, Tumblr notified users of a data breach that resulted in the theft of user email addresses and hashed passwords. The company did not say how many accounts were affected, but recently someone put the data up for sale, and the number is 65 million records.

The data is being sold on a Tor dark market website called TheRealDeal by a user named peace_of_mind, who also sold 167 million user records stolen from LinkedIn. Recently he also posted offers for 360 million accounts allegedly stolen from MySpace and 40 million from adult dating website Fling.com.

Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk

Owners of WordPress-based websites should update the Jetpack plug-in as soon as possible because of a serious flaw that could expose their users to attacks.

Jetpack is a popular plug-in that offers free website optimization, management and security features. It was developed by Automattic, the company behind WordPress.com and the WordPress open-source project, and has over 1 million active installations.

Researchers from Web security firm Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.

The issue is located in the Shortcode Embeds Jetpack module, which allows users to embed external videos, images, documents, tweets and other resources into their content. It can be easily exploited to inject malicious JavaScript code into comments.

Shared malware code links SWIFT-related breaches at banks and North Korean hackers

Malware links suggest that North Korean hackers might be behind recent attacks against several Asian banks, including the theft of US$81 million from the Bangladesh central bank earlier this year.

Security researchers from Symantec have found evidence that the malware used in the Bangladesh Bank cyberheist was used in targeted attacks against an unnamed bank in the Philippines. The same malware was also previously linked to an attempted theft of $1 million from Tien Phong Bank in Vietnam.

Symantec confirmed the earlier findings of researchers from BAE Systems, who found code similarities between the Bangladesh Bank malware, which was used to modify SWIFT transfers, and the malicious program used in attacks against Sony Pictures Entertainment in December 2014.

New JavaScript spam wave distributes Locky ransomware

Over the past week, computers throughout Europe and other places have been hit by a massive email spam campaign carrying malicious JavaScript attachments that install the Locky ransomware program.

Antivirus firm ESET has observed a spike in detections of JS/Danger.ScriptAttachment, a malware downloader written in JavaScript, that started on May 22 and peaked on May 25.

Many countries in Europe have been affected, with the highest detection rates being observed in Luxembourg (67 percent), the Czech Republic (60 percent), Austria (57 percent), the Netherlands (54 percent) and the U.K. (51 percent). The company's telemetry data also showed significant detection rates for this threat in Canada and the U.S.

Up to a dozen banks are reportedly investigating potential SWIFT breaches

More banks have reportedly launched investigations into potential security breaches on their networks after hackers stole US$81 million from the Bangladesh central bank earlier this year through rogue SWIFT transfers.

Security firm FireEye, which was hired to investigate the Bangladesh bank attack, was also called in to look for possible compromises at up to 12 additional banks, Bloomberg reported Thursday, citing an unnamed source familiar with the investigations.

Most of the banks are from Southeast Asia but include banks in the Philippines and New Zealand, Bloomberg reported.

Celebrity hacker Guccifer’s confession gives us all a lesson in security

The activity of Romanian hacker Guccifer, who has admitted to compromising almost 100 email and social media accounts belonging to U.S. government officials, politicians and other high-profile individuals, is the latest proof that humans are the weakest link in computer security.

Marcel Lehel Lazar, 44, is not a hacker in the technical sense of the word. He's a social engineer: a clever and persistent individual with a lot of patience who a Romanian prosecutor once described as "the obsessive-compulsive type."

By his own admission, Lazar has no programming skills. He didn't find vulnerabilities or write exploits. Instead, he's good at investigating, finding information online and making connections.

Top-level domain expansion is a security risk for business computers

The explosion of new generic top-level domains (gTLDs) in recent years can put enterprise computers at risk due to name conflicts between internal domain names used inside corporate networks and those that can now be registered on the public Internet.

Many companies have configured their networks to use domain names, in many cases with made-up TLDs that a few years ago did not exist on the Internet, such as .office, .global, .network, .group, .school and many others. Having an internal domain-based namespace makes it easier to locate, manage and access systems.

The problem is that over the past two years, the Internet Corporation for Assigned Names and Numbers (ICANN) has approved over 900 gTLDs for public use as part of an expansion effort. This can have unexpected security implications for applications and protocols used on domain-based corporate networks.
