Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 3 October, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

New Flaws Identified in Lenovo’s System Update Service

by The Gurus
May 7, 2015
in Editor's News
Share on FacebookShare on Twitter

IoActive’s researchers have identified some new flaws in Lenovo’s system update service that can be used by hackers to create fake certificates for executable files.
IOActive detailed three separate vulnerabilities that hackers could bypass checks to ensure the integrity of apps, allowing them to run malware on an affected Lenovo machine.
“An attacker can create a fake [certificate authority] and use it to create a code-signing certificate, which can then be used to sign executables,” the advisory says. “Since the System Update failed to properly validate the certificate authority, the System Update will accept the executables signed by the fake certificate and execute them as a privileged user.”
Kevin Bocek, Vice President, Security Strategy & Threat Intelligence at Venafi, explained the implications of fake certificates, “With a compromised or forged certificate, you can masquerade as a trusted service, hide in encryption, and go undetected. Using keys and certificates attempted to solve the first security problems on the Internet – what can I trust and what can be private.”
Boceck also explained that Lenovo are not alone with this problem. “Lenovo is certainly not alone in their inability to properly validate digital certificates – this is just the tip of the iceberg. And as this vulnerability shows, if you can compromise certificates, other security controls break down. ”
Lenovo has issued a patch for the flaw.

FacebookTweetLinkedIn
Tags: CertificateCyberCyber Securityinformation securityIoActivelenovoMalwareVenafiVulnerability
ShareTweet
Previous Post

eShop Plugin Vulnerability Leaves 10,000+ WordPress Websites At Risk

Next Post

Theresa May signals Tory majority could revive snoopers’ charter

Recent News

threat hunting

Threat Hunting with MITRE ATT&CK

October 2, 2023
Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information