SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
#Lenovo
30 Jan 2018

Lenovo’s fingerprint manager left passwords vulnerable

Earning a high severity level from Lenovo’s own security advisory, anyone currently using a select number of the company’s Thinkpad, ThinkStation, and Thinkcentre systems should know that there’s an important vulnerability that needs to be fixed.

That’s because hidden within Lenovo’s Fingerprint Manager Pro software, there’s a flaw on machines running Windows 7, 8, and 8.1 that could potentially let a hacker log in to your computer using a hardcoded password, bypassing the fingerprint scanner, and even decrypt your current Windows credentials. According to Lenovo “A vulnerability has been identified in Lenovo Fingerprint Manager Pro. 

Read more
Tags:
Lenovo information leaks
Source:
Gizmodo
1606
6 Sep 2017

Lenovo reaches tentative settlement over Superfish PC adware

Users who purchased a Lenovo PC between September 2014 and January 2015 got an extra special surprise in the form of adware that left them wide open to malicious attacks. After two and a half years of legal wrangling, the Federal Trade Commission settled its lawsuit against the company, and it’s hard to imagine that executives learned their lesson.

On Monday, the FTC announced that Lenovo will have to inform its customers of all the software that comes pre-loaded on its products and receive the user’s consent. The company will also be subject to 20 years of audited security checks. 

Read more
Tags:
Lenovo Superfish information leaks
Source:
Engadget
1565
29 Jun 2016

Lenovo patches two high severity flaws in PC support tool

Lenovo has fixed two high-severity vulnerabilities in the Lenovo Solution Center support tool that is preinstalled on many laptop and desktop PCs. The flaws could allow attackers to take over computers and terminate antivirus processes.

Lenovo Solution Center allows users to check their system's virus and firewall status, update their Lenovo software, perform backups, check battery health, get registration and warranty information and run hardware tests. Privilege escalation flaws like this one cannot be used by themselves to compromise computers, but are often used in exploit chains.

Read more
Tags:
Lenovo information leaks
Source:
Network World
2103
3 Jun 2016

Lenovo begs users to uninstall Accelerator app in the name of security

Lenovo has urged users to uninstall bloatware bundled on Windows 10 devices by the company after critical security holes were discovered. 

The Chinese PC maker said in a security advisory a vulnerability within the company's Lenovo Accelerator Application software is a "high severity" problem which could give attackers the avenue to launch man-in-the-middle attacks against users. MITM attacks occur when a vulnerable machine has been infected with malware which contains surveillance capabilities or a vulnerable web browser is communicating with an insecure server. This type of attack may not show visible signs.

Read more
Tags:
Accelerator information leaks Lenovo
Source:
ZDNet
2347
27 Jan 2016

Lenovo protected its file sharing app with 12345678 password

A security researcher has discovered a number of vulnerabilities in Lenovo’s SHAREit app, the worst being the use of “12345678” as a hard-coded, default password. The problems have been patched in the software’s latest release.

SHAREit is an app found on many of Lenovo’s products to allow users to share files across devices. Some ThinkPad, and IdeaPad computers, along with Lenovo smartphones, were impacted by the bug. Core Security found four vulnerabilities in the app but the password issues stick out the most. In one of its advisories, Core Security found that when the app is receiving files, it sets a password on a Wi-Fi hotspot.

Read more
Tags:
password Lenovo information leaks
Source:
Digital Trends
2321
9 Dec 2015

Dell, Toshiba, and Lenovo PCs at risk of bloatware security flaws

A trifecta of vulnerabilities has been found in software preinstalled on a number of Dell, Toshiba, and Lenovo consumer and enterprise PCs and tablets, affecting millions of users.

A proof-of-concept that was posted online could allow an attacker to run malware at the system level, regardless of what kind of user is logged in. A user can be tricked into opening a specially-crafted web page, either as a drive-by download or through an email attachment, which could allow an attacker to exploit the flaw. The security researcher confirmed that he did not inform Dell, Toshiba, and Lenovo of the flaws before the the proof-of-concept code was posted online.

Read more
Tags:
information leaks Lenovo Dell Toshiba
Source:
ZDNet
2156
25 Sep 2015

Yet another pre-installed spyware app discovered on Lenovo computers

Lenovo seems to be testing the boundaries of trust. First came the Superfish scandal where they were found to be pre-loading ad software that was so poorly implemented that it left victims/customers vulnerable to serious security flaws.

Then, Lenovo software was discovered on a fresh install of the retail edition of Windows. Lenovo had been modifying the BIOS, to insure that, no matter what a customer did, their software got installed. And, this was software referred to as "crapware". That the software was buggy, just made a bad situation worse. In the end, Lenovo updated the BIOS not to muck around with the installed copy of Windows.

Read more
Tags:
Lenovo surveillance Windows
Source:
Computerworld
2778
13 Aug 2015

Lenovo used a hidden Windows feature to ensure its software could not be deleted

A recently uncovered feature – which had been swept under the rug – allowed new Lenovo laptops to use new Windows features to install the company’s software and tools even if the computer was wiped.

The users discovered the issue in May when using a new Lenovo laptop that automatically and covertly overwrote a system file on every boot, which downloaded a Lenovo updater and installed software automatically, even if Windows was reinstalled from a DVD. The only problem is that nobody actually asked for this software, and it persisted between clean installs of Windows. Lenovo was essentially exploiting a rootkit on its own laptops to ensure its software persists if wiped.

Read more
Tags:
Lenovo information leaks Windows
Source:
The Next Web
2443
6 May 2015

Lenovo computers have another massive security risk

Three months after Lenovo was called out for installing dangerous software onto its computers, the world's largest PC manufacturer has once again been accused of lax security measures.

Security firm reports that it discovered major vulnerabilities in Lenovo's update system that could allow hackers to bypass validation checks, replace legitimate Lenovo programs with malicious software, and run commands from afar. Through one of the vulnerabilities, IOActive researchers explained that attackers could create a fake certificate authority to sign executables, allowing malicious software to masquerade as official Lenovo software.

Read more
Tags:
Lenovo information leaks
Source:
The Verge
2450
24 Feb 2015

Lenovo slapped with lawsuit over dangerous adware

Lenovo, the largest PC manufacturer in world, admitted to pre-loading the Superfish adware on some consumer PCs. Lenovo has been accused of fatally compromising user security by installing an adware application on all its Windows computers as they leave the factory.

Unhappy customers are now dragging the company to court on the matter. A proposed class-action suit was filed late last week against Lenovo and Superfish, which charges both companies with “fraudulent” business practices and of making Lenovo PCs vulnerable to malware and malicious attacks by pre-loading the adware. The lawsuit was filed after Lenovo admitted to pre-loading Superfish.

Read more
Tags:
Lenovo malvertising Superfish surveillance
Source:
PCWorld
2249
SafeUM NEWS
27 Apr 2017 safeum news imgage Encrypted Group Chat
4 Apr 2017 safeum news imgage Each SafeUM user gets free anonymous phone number
10 Mar 2017 safeum news imgage SafeUM useful features to help you feel safe
28 Sep 2016 safeum news imgage Secure Messenger SafeUM
21 Jul 2015 safeum news imgage New secured zone of Google Play: secure messenger SafeUM for Android. Download, Install, Communicate
3 Apr 2015 safeum news imgage We are beginning to test SafeUM for Windows Phone
25 Feb 2015 safeum news imgage SafeUM messenger is available for public testing
20 Feb 2015 safeum news imgage Algorithms and encryption schemes used for secure messenger SafeUM
30 Jan 2015 safeum news imgage New "TOP Security!" app is on the App Store
22 Jan 2015 safeum news imgage Free "TOP Security!" app is available on Google Play
28 Oct 2014 safeum news imgage How are security keys generated in SafeUM?
19 Jun 2014 safeum news imgage SafeUM is the best messenger for data protection and information security
16 Jun 2014 safeum news imgage Become a SafeUM tester and get free PREMIUM subscription for a year
12 May 2014 safeum news imgage Why Premium secure messenger SafeUM cannot be free
25 Apr 2014 safeum news imgage Encrypted secure messaging for every mobile device
All news
First page Previous
1 2
Next Last page
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015