iT and Beyond Pty Ltd

Blog

Home2016

Archive for 2016

IT Security Tips – Lenovo Security Alert

lenovo_logo_red-930x488

IT Security Tip – Lenovo Security Alert: Accelerator Vulnerability

If you own a Lenovo computer you may want to read on! 

Lenovo have announced that their installed system software on Windows machines has a security flaw.  The software in question is Lenovo Accelerator ApplicationThe Lenovo Accelerator Application is used to speed up the launch of Lenovo applications and was installed in some notebook and desktop systems pre-loaded with the Windows 10 operating system.

The company warned that an attacker with man in the middle position on a network could exploit the vulnerable update mechanism, and run arbitrary code on users’ systems. The vulnerability is rated as high risk by Lenovo. How the application works, an UpdateAgent pings a Lenovo server every ten minutes for updates, with the entire data exchange in plain text over HTTP. An attacker could easily impersonate the Lenovo update server, and deliver malware on users’ computers as UpdateAgent makes no effort to validate patches that are downloaded and executed on systems.

 The full list of impacted devices is vast but include the Lenovo Notebook 305, Edge 15, Flex 2 Pro and Yoga product lines. In addition, Lenovo’s IdeaCenter and Yoga Home 500 are amongst the 39 desktop models impacted by the security flaw.  You can read the full list here.

Lenovo ThinkPad and ThinkStation devices are not affected by this security issue.

The Chinese PC maker recommends that users immediately uninstall the software. You can do so by going to the ‘Apps and Features’ application in Windows 10, selecting the Lenovo Accelerator Application and clicking on “Uninstall.”

For our clients who enjoy our Proactive Managed IT Support services, we have identified if you have any of the Lenovo models affected and remotely uninstalled the Lenovo Accelerator Application.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Android Smartphone Attacks

android

 

 

 

 

 

The mobile phone is not like the old days when it was just used to make calls and send the odd text message. The mobile phone is now a Smartphone, a computer in your pocket which runs an OS just like a standard computer with plenty of Apps to play with. Almost everyone now has a Smartphone which means there are millions of us globally connected to a digital mobile network. Being computer based this now gives hackers another chapter in there quest to try to gain access to our personal information or completely destroy all data on a advice  in a new way.

Just recently announced there is a new highly advanced malware called Mazar that is being used to attack Android phones via text messaging. The message incorporates a web link. If a user clicks on the link, an attacker can gain full administrator-level control of the phone and perform tasks such as sending premium text messages, accessing or changing confidential data, making phone calls, steal passwords and information from web sites accessed on the phone.

“Over one billion devices are protected with Google Play which conducts 200 million security scans of devices per day,” a Google spokeswoman said.

“Fewer than 1% of Android devices had a Potentially Harmful App installed in 2014, and fewer than 0.15% of devices that only install from Google Play had a Potentially Harmful App installed,” she added.

Advice to users

  • Never tap on web links in text messages from unfamiliar phone numbers
  •  Be cautious of links even if the message appears to be from a known contact since sometimes this can be spoofed
  • Always keep an up-to-date Anti-virus app on your Android devices
  • Avoid unknown and unsecured WiFi hotspots
  • Keeping your WiFi turned OFF when not in use

 

 

 

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →
Page 2 of 2 12