Superfish – WindowsTechs.com

This Week in Security: Tegra Bootjacking, Leaking SSH, and StrandHogg

Posted on December 6, 2019 by Jonathan Bennett

CVE-2019-5700 is a vulnerability in the Nvidia Tegra bootloader, discovered by [Ryan Grachek], and breaking first here at Hackaday. To understand the vulnerability, one first has to understand a bit about the Tegra boot process. When the device is powered on, a irom firmware loads the next stage of the …read more

Continue reading This Week in Security: Tegra Bootjacking, Leaking SSH, and StrandHogg→

Lenovo Ordered to Pay $7.3M in Superfish Fiasco

Posted on December 3, 2018 by Tara Seals

The laptop giant will settle a 32-state class-action lawsuit stemming from pre-installing vulnerable ad-targeting software. Continue reading Lenovo Ordered to Pay $7.3M in Superfish Fiasco→

‘Critical’ flaw in apps for Sennheiser headphones allows certificate access

Posted on November 28, 2018 by Jeff Stone

Two applications developed by German electronics company Sennheiser contain vulnerabilities that could make it possible for hackers to forge digital certificates and impersonate legitimate websites. Sennheiser’s two apps, HeadSetup and HeadSetup Pro, installed certificates on users’ computers then failed to secure the key, according to a vulnerability report published Wednesday by the German security consulting firm Secorvo. The mistake means that hackers could decrypt the key and use the certificate, a means of digital authentication, to monitor victims’ traffic and launch main-in-the-middle attacks. “We found — caused by a critical implementation flaw — the secret signing key of one of the clandestine planted root certificates can be easily obtained by an attacker,” the Secorvo report states. “This allows him or her to sign up and issue technically trustworthy certificates. Users affected by this implementation bug can become victim of such a certificate forgery, allowing an attacker to send e.g. trustworthy signed […]

The post ‘Critical’ flaw in apps for Sennheiser headphones allows certificate access appeared first on Cyberscoop.

Continue reading ‘Critical’ flaw in apps for Sennheiser headphones allows certificate access→

Lenovo to pay $7.3m for installing adware in 750,000 laptops

Posted on November 28, 2018 by Waqas

By Waqas
In 2015, Beijing based laptop manufacturer and seemingly reliable technology company Lenovo made headlines that its 750,000 laptops had pre-installed adware called VisualDiscovery developed by Superfish. The adware played a vital role in compr… Continue reading Lenovo to pay $7.3m for installing adware in 750,000 laptops→

When three isn’t a crowd: Man-in-the-Middle (MitM) attacks explained

Posted on July 12, 2018 by Jovi Umawing

Maybe it’s the quirky way some tech writers abbreviate it, or the surreal way it reminded you of that popular Michael Jackson song. Whatever triggers you to remember the term, for most of us, man-in-the-middle embodies something both familia… Continue reading When three isn’t a crowd: Man-in-the-Middle (MitM) attacks explained→

Lenovo users must uninstall Accelerator app due to dangerous security hole

Posted on June 6, 2016 by David Bisson

Lenovo is urging users to uninstall its Accelerator application following the discovery of a serious security vulnerability.
David Bisson reports.
Continue reading Lenovo users must uninstall Accelerator app due to dangerous security hole→

Bloatware Insecurity Continues to Haunt Consumer, Business Laptops

Posted on May 31, 2016 by Michael Mimoso

High-severity vulnerabilities were found in pre-installed software updaters present in consumer and business laptops from vendors such as Dell, HP, Lenovo, Asus and Acer. Continue reading Bloatware Insecurity Continues to Haunt Consumer, Business Laptops→