Earning a high severity level from Lenovo’s own security advisory, anyone currently using a select number of the company’s Thinkpad, ThinkStation, and Thinkcentre systems should know that there’s an important vulnerability that needs to be fixed.
That’s because hidden within Lenovo’s Fingerprint Manager Pro software, there’s a flaw on machines running Windows 7, 8, and 8.1 that could potentially let a hacker log in to your computer using a hardcoded password, bypassing the fingerprint scanner, and even decrypt your current Windows credentials. According to Lenovo “A vulnerability has been identified in Lenovo Fingerprint Manager Pro.Read more
Qualcomm spent billions of dollars buying Apple’s loyalty. It must now shell out 997 million euros in fines after the European Union’s antitrust arm said the payments were an illegal ploy to ensure only its chips were used in iPhones and iPads.
Apple was cornered by Qualcomm with a 2011 deal that offered "significant" sums and rebates if it only bought the company’s chips, the European Commission said in an emailed statement. “Apple was thinking of switching” from Qualcomm to Intel chips “which would have made a big difference to Intel" but couldn’t do so until its Qualcomm pact was about to expire in September 2016, EU Competition Commissioner Margrethe Vestager told.Read more
Sega has said it is looking into claims that a trio of its Sonic games for Android are leaking personal data.
Security company Pradeo said late last week that it had discovered the Android games -- Sonic Dash, Sonic the Hedgehog Classic, and Sonic Dash 2: Sonic Boom -- were leaking user location data and device info. Based on the download ranges offered by the Play Store, collectively the leaks could impact between 120 million and 600 million users. Among the tracking and advertising issues, the security firm also said it found two issues that could result in man-in-the-middle attacks, and a bagful of others that could potentially lead to encryption weakness and denial of service.Read more
Intel says devices are rebooting more than usual after being patched with fixes it has issued to the Spectre and Meltdown security flaws in its chips. The company said it had reproduced the problem and was "making progress toward identifying the root cause".
It also shared information about how the patches might affect computer performance in data centres. One financial industry expert told he was concerned about the numbers being quoted. Intel said its tests showed a reduction in performance ranging from 2% to 25%. The US company said it was working with partners and customers to find ways to "address" the issue.Read more
Uber has ignored a security bug that can allow an attacker to hack into user accounts by bypassing two-factor authentication because the ride sharing company says the flaw "isn't a particularly severe" issue.
Two-factor authentication is a vital part of protecting online accounts. It adds a second layer of security on top of your username and password -- which can be be stolen -- by sending a code by text message to your phone, for example, which only you would have access to. More sites than ever are using two-factor to double-down on security after a spate of breaches in recent years that have exposed billions of passwords to hackers, who can use them to sign and take over accounts.Read more
Malware which aims to steal Facebook login credentials and also aggressively displays pop-up adverts has been uncovered targeting Android users via the Google Play store -- and may have been downloaded by hundreds of thousands of unwitting victims.
Dubbed GhostTeam after strings in the code by the analysts at security company Trend Micro which uncovered it, the malware was first published in April 2017 and was disguised in the official Android marketplace as utility apps, performance boosters, and social media video downloaders.Read more
There's a new bug floating around called "chaiOS" that appears to be a basic GitHub link. However, when you text it to a person via the iMessage app, it will crash the app and possibly cause the device to freeze and restart.
In other words: Be aware that this exists, but don't send it to anyone. It was Twitter user Abraham Masri who first uncovered the bug. The people tested it out, and it certainly messed up their devices. They reported crashes and severe lags as a result of the bugs that persisted until the thread containing the link was deleted from the iMessage app.Read more
Intel Corp on Thursday said that recently issued patches for flaws in its chips could cause computers using its older Broadwell and Haswell processors to reboot more often than normal and that Intel may need to issue updates to fix the buggy patches.
In a statement on Intel’s website, Navin Shenoy, general manager of the company’s data center group, said Intel had received reports about the issue and was working directly with data center customers to “discuss” the issue. “We are working quickly with these customers to understand, diagnose and address this reboot issue,” Shenoy said in the statement.Read more
When WhatsApp added end-to-end encryption to every conversation for its billion users two years ago, the mobile messaging giant significantly raised the bar for the privacy of digital communications worldwide.
But one of the tricky elements of encryption—and even trickier in a group chat setting—has always been ensuring that a secure conversation reaches only the intended audience, rather than some impostor or infiltrator. And according to new research from one team of German cryptographers, flaws in WhatsApp make infiltrating the app's group chats much easier than ought to be possible.Read more
For almost two years, hackers could have easily stolen your prized stash of bitcoins if you were keeping them in the popular software wallet Electrum, thanks to a critical security vulnerability that went unpatched until now.
The vulnerability allowed any website to steal bitcoins stored using Electrum, as long as the software was running and there was no encryption password set up, according to security researchers. The bug was initially reported by Github user “jsmad” on November 24, 2017. Electrum, however, didn’t fully patch the bug until Sunday, January 7, and only after Google security researcher alerted them to how serious the bug really was.Read more