New Security Flaw Found in Lenovo Solution Center Software

May 6, 2016 – 5:21 PM

A new vulnerability has been discovered in Lenovo’s much-maligned Lenovo Solution Center (LSC) software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs.

The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker to start the LSC service and trick it in to executing arbitrary code in the local system context, said Karl Sigler, a SpiderLabs researcher at Trustwave.

LSC comes preloaded on nearly all Lenovo business and consumer desktops and laptop PCs. The software acts as a dashboard monitoring system health and security – from battery life, driver updates and firewall status. Lenovo has issued a fix for the security flaw last week. This is the second time the computer maker has had to patch LSC – the first being December 2015.

“In keeping with industry best practices, Lenovo moved rapidly to ready a fix and on April 26 it updated its security advisory disclosing this additional vulnerability and the availability of a fix that addressed it,” a Lenovo spokesperson told Threatpost.

Source:
https://threatpost.com/new-security-flaw-found-in-lenovo-solution-center-software/117896/

Google makes it mandatory for Chrome Apps to tell Users what Data they collect

April 19, 2016 – 5:09 PM

Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they?

The company plans to enforce developers starting this summer, to “ensure transparent use of the data in a way that is consistent with the wishes and expectations of users.”

Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers’ data.

Google’s new User Data Policy will now force app developers, who use the Chrome Web Store to distribute their products, to be more transparent about their data collection practices.

In other words, the company wants its Chrome users to know what’s happening when they use third-party apps and services that rely on its browser.

Source:
https://thehackernews.com/2016/04/chrome-data-security.html

ID Ransomware you have been hit with

April 16, 2016 – 1:39 PM

ID Ransomware is a new online service that allows you to upload ransom notes or encrypted file samples to identify the ransomware used to attack you.

So-called ransomware is an ever growing and evolving threat that is attacking computer systems to either hold files hostage by encrypting them, or locks access to the computer instead.

Most request Bitcoin payments promising that files or the system will be unlocked once the payment has been received. This alone can be problematic as users who are affected by a successful ransomware attack may not know how to obtain the Bitcoin needed to make the payment.

What many users affected by ransomware don’t know is that decryption or removal tools are available for certain kinds of ransomware which allow them to regain access to encrypted files or a locked computer without paying the ransom.

For that however, it is necessary to identify the ransomware first which can be a challenge in itself.

Source:
http://www.ghacks.net/2016/04/13/id-ransomware/

Experts crack nasty ransomware that took crypto-extortion to new heights

April 11, 2016 – 5:29 PM

A nasty piece of ransomware that took crypto-extortion to new heights contains a fatal weakness that allows victims to decrypt their data without paying the hefty ransom.

When it came to light two weeks ago, Petya was notable because it targeted a victim’s entire startup drive by rendering its master boot record inoperable. It accomplished this by encrypting the master boot file and displaying a ransom note. As a result, without the decryption password, the infected computer wouldn’t boot up, and all files on the startup disk were inaccessible. A master boot record is a special type of boot sector at the very beginning of partitioned hard drive, while a master boot file is a file on NTFS volumes that contains the name, size and location of all other files.Petya performs fake CHKDSK, and instead encrypts the master file table on disk.

Now, someone who goes by the Twitter handle @leostone has devised a tool that generates the password Petya requires to decrypt the master boot file. To use the password generator, victims must remove the startup drive from the infected computer and connect it to a separate Windows computer that’s not infected. The victim then extracts data from the hard drive, specifically (1) the base-64-encoded 512 bytes starting at sector 55 (0x37h) with an offset of 0 and (2) the 64-bit-encoded 8-byte nonce from sector 54 (0x36) offset 33 (0x21). By inputting the data into this Web app created by @leostone, the victim can retrieve the password Petya used to decrypt the crucial file.

Obtaining the hard drive data the Web app needs to derive the password isn’t a straight-forward undertaking for many. Fortunately, a separate researcher has developed a free tool called the Petya Sector Extractor that obtains the data in seconds. The app must be run on the computer that’s connected to the infected hard drive.

Source:
http://arstechnica.com/security/2016/04/experts-crack-nasty-ransomware-that-took-crypto-extortion-to-new-heights/

NoScript and other popular Firefox add-ons open millions to new attack

April 5, 2016 – 5:19 PM

NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported.

The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.

“These vulnerabilities allow a seemingly innocuous extension to reuse security-critical functionality provided by other legitimate, benign extensions to stealthily launch confused deputy-style attacks,” the researchers wrote in a paper that was presented last week at the Black Hat security conference in Singapore. “Malicious extensions that utilize this technique would be significantly more difficult to detect by current static or dynamic analysis techniques, or extension vetting procedures.”

Of the top 10 most popular add-ons vetted by Mozilla officials and made available on the Mozilla website, only Adblock Plus was found to contain no flaws that could be exploited by a malicious add-on that relied on reuse vulnerabilities. Besides NoScript, Video DownloadHelper, Firebug, Greasemonkey, and FlashGot Mass Down all contained bugs that made it possible for the malicious add-on to execute malicious code. Many of those apps, and many others analyzed in the study, also made it possible to steal browser cookies, control or access a computer’s file system, or to open webpages to sites of an attacker’s choosing.

Source:
http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/