ICYMI: Lenovo MiTM bug, 'hero' Snowden & cyber-insurance trust

This week's In Case You Missed It (ICYMI) column looks at the latest Lenovo flaw, Edward Snowden's standing in the UK, trust in cyber-insurance and a new version of TorrentLocker.

ICYMI: Lenovo MiTM bug, 'hero' Snowden & cyber-insurance trust
ICYMI: Lenovo MiTM bug, 'hero' Snowden & cyber-insurance trust

PC maker Lenovo exposes users to "massive security risk"

World number one PC maker Lenovo was accused of running a "massive security risk" because flaws in its online product update service allow hackers to download malware onto its users' systems through a man-in-the-middle (MiTM) attack.

The problems have been revealed by security firm IOActive – just weeks after Lenovo was found to be shipping PCs with pre-installed ‘Superfish' adware that also left its users open to MITM attacks.

IOActive researchers Michael Milvich and Sofiane Talmat say in an advisory that they discovered the latest “high-severity” privilege escalation vulnerabilities in Lenovo's System Update service, which enables users to download the latest drivers and other software, including security patches, from Lenovo's website.

The researchers found the flaws in February, and have now gone public on them after giving Lenovo time to develop a patch, issued last month. But while the patch fixes the problems, users have to download the security update to protect themselves.

NSA whistleblower Snowden a 'hero' - but not in the UK?

NSA and GCHQ whistleblower Edward Snowden and the film on his leaks, Citizenfour, were celebrated at an F-Secure event at 44CON in London last week, but questions remain whether the UK really got the message on privacy and government surveillance.

F-Secure CEO Christian Fredrikson and Allen Scott, managing director of F-Secure in the UK, opened the presentation by saying they were ‘enthralled' about the success of the film, with Scott adding that it "had changed our view of the way we look at data and privacy.”

“Whatever your opinion of him is, if he's a villain or a hero, you've got to admit that what he did was extremely brave. Think about yourself, would you be able to do same?” asked Fredrikson, adding that this was testament that he, “obviously believes very strongly in what he does.” But that view is not necessarily shared in the UK.

Cyber-insurance not trusted by business, KPMG claims

Senior heads of security don't trust cyber-insurance products, viewing with scepticism the chances of getting a payout in the event of a cyber-attack, according to research from KPMG.

Based on a survey of senior information security professionals from organisations which are members of KPMG's International Information Integrity Institute (I-4), 74 percent of businesses have no cyber insurance.

Given that 79 percent of companies believe that cyber-threats are likely to increase in the next 12 months, the results would be inexplicable except for the fact that at least half of businesses believe that a cyber-insurance policy may not pay out when needed.

Mark Waghorne, head of I-4, is concerned that many businesses would rather not have insurance against a threat they believe is inevitable.

He revealed that 30 percent of information security professionals in the survey believe the cyber insurance industry has yet to mature. “Insurers will need to deliver more comprehensive packages in order to convince the business community that they can and will protect against losses on cyber-crime,” Waghorne said.

Users getting hit by Crypt0L0cker update to TorrentLocker ransomware

Mark James, UK security specialist at ESET, wasn't surprised at the latest variant of ransomware, describing it as a natural development driven by the need to keep up with developments in antivirus software.

“They make a lot of money from this so there is strong incentive for them to adapt,” he said. “There will be any number of variants available – they will constantly be updating themselves.” In particular, expect advances in how they are delivered and how they take instructions from the command-and-control server.

Unfortunately for those individuals and organisations infected by ransomware, there is nothing that can be done to decrypt the data, leaving you the option of paying the ransom or restoring from backup.

With the price of the ransom typically set to the equivalent of a few hundred pounds or dollars, the temptation to quickly fix the problem by paying it can be very strong, but James cautioned against this course of action.

Criminals usually insist on being paid in Bitcoins which can lead you to more risky sites where you may pick up additional malware. Then there is the chance that in the time it takes you to get the decryption package, the criminals may have been shut down by law enforcement, leaving you out of pocket and with no way to get your files unlocked.

Why Geofencing will become the next endpoint security innovation

Geofencing can restrict access to devices or applications while inside a company's perimeter, making it impossible for devices outside the perimeter to access the network, explains CoSoSys' Roman Foeckl.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US