CES 2016: Lenovo Vibe S1 Lite announced; packs in an 8MP front-facing camera

Lenovo has announced its all-new Vibe S1 Lite smartphone ahead of CES 2016. The smartphone, as the name suggests, is a ‘lite’ version of the Lenovo Vibe S1 that was launched in India in 2015. The S1 Lite is priced at $199 (approximately Rs 13,300) and is expected to go on sale by early 2016.

The Lenovo Vibe S1 Lite sports a design that is similar to the original Vibe S1 and when released in markets will also be available in similar colours like blue and white. The design sports a sandwiched metal frame with glass on the front and plastic on the back, which means Lenovo has gone easy with the specs as compared to its elder sibling, the Vibe S1.

Coming to the Vibe S1 Lite’s features, we get a 5-inch Full HD display up front, while a 1.3GHz octa-core MediaTek SoC hides right behind it. There’s 2GB of RAM and 16GB of internal storage along with a microSD card slot for memory expansion up to 128GB.

On the back we have a 13MP camera with a dual-tone LED flash, phase detection autofocus (PDAF) and a BSI sensor to complete the package. On the front, above the display, sits an 8MP camera that is also accompanied by an LED flash for better looking selfies.

The device packs in the usual connectivity options including 4G bands, Bluetooth, Wi-Fi, GPS and a micro USB connector for charging and data transfers. The smartphone boots to Android 5.1 Lollipop and is powered by a 2700mAh battery.

Indeed, this is the first of many announcements to come so keep checking TechTrainIndia for more updates. Lenovo on 4 January also announced a ThinkCentre X1 AIO desktop and ThinkPad X1 Yoga and ThinkPad X1 Carbon ultrabooks.

















Motorola Moto G (3rd Gen) getting Android 6.0 Marshmallow update in India

Motorola has given a New Year’s treat to its Moto G3 users in India as the phones will now get an Android 6.0 Marshmallow update.

“Here is something new and amazing for your Moto G (3rd Gen.), the Android 6.0 Marshmallow!” Motorola India announced on its Twitter account.

However, the exact date of the rollout was not mentioned in the tweet.

The third-generation phone of the Moto G series will now be upgraded from Android 5.1.1 (Lollipop) to Android 6.0.

The 2 GB update will add features like “Doze Mode” to extend the battery life, Google Now on Tap and simpler volume control and would remove the “Migrate” and “Assist” apps.

How to check for the update:

Generally, the phone would notify you about the update. If, however, one does not receive the notification, one can manually check for the update by going to Settings > About Phone > System Update.

The Moto G comes with a 5-inch HD display with a layer of Corning Gorilla Glass 3. It will sport the Android 5.1.1 OS along with proprietary Motorola features such as Moto Display, Quick Capture and Chop Twice. The phone will house a Qualcomm Snapdragon 410 SoC with a 1.4GHz quad-core processor. This will be paired with 1GB of RAM for the 8GB storage variant and 2GB RAM for the 16GB storage variant.

On the camera front, you will get a 13MP rear snapper along with a 5MP front-facing camera. The Moto G will come in the dual SIM configuration and will support 4G SIM cards as well. A 2,470mAh capacity battery completes the package.

With inputs from IANS



Motorola Moto 360 (2nd Gen) Men’s Collection launched; prices start from Rs 19,999

Motorola has launched a new Moto 360 smartwatch collection based on the same Moto 360 (2nd Generation) which was launched in December last year. The new Men’s Collection now features more options such as cognac leather, black leather and black metal variants that have gone on sale via Amazon. In addition, one will also find a larger Moto 360 with the 46mm case in the cognac leather variant which is exclusive to Amazon.

The bigger cognac leather with a 46mm case is priced at Rs 20,999, while the standard version sells for Rs 19,999. The other variants include a black leather version priced at Rs 19,999 and a black metal version priced at Rs 23,999.

Launched on 1 December 2015, the Moto 360 (2nd Gen) packs in better internals compared to its predecessor. The device has a backlit LCD display protected by Corning Gorilla Glass 3 and is powered by a 1.2 GHz quad-core Qualcomm Snapdragon 400 processor and 512MB of RAM. The smartwatch packs in 4GB of internal storage, runs Google’s Android Wear and is IP67 dust and water resistant.

















Windows 10 now running on 200 million devices

Microsoft Corp’s latest operating system, Windows 10, is running on 200 million devices in what the company said was the fastest adoption rate of any of its operating systems.

Windows 10, which the company released as a free download in July, powers both personal computers and devices like phones. It replaced Windows 8, the heavily criticized system dating from 2012.

Just over two months ago, Chief Executive Officer Satya Nadella said 110 million devices were running Windows 10, meaning the system is now on almost double the number of phones and PCs compared to before the holiday season.

“I would characterize this as white hot adoption out of the gate,” said Daniel Ives, an analyst at FBR Capital Markets, who has an “outperform” rating on the stock.

Much of the growth comes from retail consumers, with devices such as Microsoft’s Xbox gaming console helping drive adoption of Windows 10, the company said. Xbox’s busiest day ever was Dec. 28, it added.

But the ultimate success of Windows 10 will be judged by the take-up rate among businesses. About three-quarters of Microsoft’s enterprise customers are testing Windows 10, the company said.

Microsoft also needs more mobile developers to build apps for Windows 10 to help catch up with players like Apple and its popular iPhone and iPad devices. It reported some progress in that area Monday, citing more visits to its Windows Store for apps such as video service Netflix and music service Pandora.

Reuters







The Sony PlayStation Network is down worldwide

Sony’s PlayStation Network on PlayStation Vita, PlayStation 3 and PlayStation 4 is down, and the irritating fact for gamers is that the company has not given any time frame for when the service will be back online.

The PlayStation Network is down worldwide. I was just back home trying to play with my son when I had the ugly surprise. It is the first massive outage of the year. I searched for information on the Internet and found that all the users are suffering the same problem.

Like many other users, I’m receiving an error message saying that the PSN is currently “undergoing maintenance”.

The PlayStation Network online service allows users to access the online features of many games and the official store.

Sony confirmed that the network was “experiencing issues” and its status page showed that the problems were affecting all of its major services; the company hasn’t provided further details on the problem.



The PlayStation Network also suffered technical issues over the Christmas period; some users reported difficulties in authenticating to the online services.

Last year, hackers belonging to the Lizard Squad hacking group took down the online networks of both Microsoft Xbox Live and the PlayStation Network (PSN) at Christmas, highlighting security issues affecting the services of Sony and Microsoft.

This year another group, known as Phantom Squad, announced its intention to ruin Christmas for gamers. Phantom Squad also said that both platforms are vulnerable to attacks, and added that they were able to take down Xbox Live during the weekend.

At the time I was writing, Sony’s “Network Service Status” confirmed the problems suffered by users accessing the Sony platform.



The Sony PlayStation Network is down, including the PlayStation 3 and 4 and web services.

A screenshot from status.playstation.com shows the service is down.

It is unclear what caused the worldwide outage, and no hacking group has accepted responsibility for targeting the PlayStation Network with their usual DDoS attacks. However, one Twitter user shared an interesting DDoS map showing cyber attacks on the US from the Chinese side (that doesn’t mean there was an attack on the PlayStation Network by Chinese hackers).

Google Patches Another Critical Mediaserver Vulnerability


Since last summer’s Stagefright vulnerabilities toppled the Android world for a few weeks, researchers inside and out of Google have been taking a close look at not only the maligned media playback engine, but also at Mediaserver where it lives.

Today’s release of the monthly Android Nexus Security Bulletin includes patches for another critical vulnerability in Mediaserver, keeping a streak going of consecutive months with serious issues addressed in the software.

Flaws in Mediaserver pose serious problems for Android devices because it interacts with a number of applications that can be used to exploit the bug, including MMS and browser media playback features. Versions 5.0, 5.1.1, 6.0 and 6.0.1 are affected, Google said.

Google said in today’s advisory that the Mediaserver flaw, CVE-2015-6636, is the most serious among the dozen being patched, and that it allows an attacker to use email, web browsing and MMS processing of media files to exploit the vulnerability and remotely execute code.

“During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process,” Google said.

Google patched five vulnerabilities, including Mediaserver, that it rated critical, two rated high, and five others rated moderate.

The remaining critical flaws were all elevation of privilege issues in the misc-sd driver, the Imagination Technologies driver, Trustzone, the Android kernel and in the Bluetooth implementation.

The misc-sd driver and Imagination Technologies driver issues could allow malicious apps downloaded to the device to execute code at kernel level, and could result in a permanent compromise that would be addressed only by re-flashing the operating system, Google said.

The Trustzone vulnerabilities were found in the Widevine QSEE Trustzone application and would allow compromised apps with access to QSEECOM to execute code in the Trustzone context, Google said.

A separate elevation of privilege issue was found in the kernel that would also open the door to malicious apps executing code in the kernel.

Of the two flaws rated High by Google, the one found in the Android Bluetooth component puts personal information at risk. It, Google said, could allow a device paired over Bluetooth to access personal information such as contacts.

The other rated high is an information disclosure vulnerability in the kernel that could allow an attacker to bypass security features in the operating system. Google added the flaws could be used to gain elevated privileges such as Signature or SignatureOrSystem.

The remaining vulnerabilities addressed today were rated moderate and include elevation of privilege flaws in the Android Setup Wizard and Wi-Fi, an information disclosure bug in Bouncy Castle crypto APIs, and a denial-of-service flaw in SyncManager.

Google also removed SysV IPC from Android because it is not supported in the OS and exposes additional attack surface.

Ransom32 - The First Ransomware based on Javascript & Cross Platform Compatibility


A new Ransomware as a Service, or RaaS, called Ransom32 has been discovered that for the first time uses a ransomware written in Javascript. Located on an underground TOR site, the Ransom32 RaaS is a simple, but efficient, service where anyone can download and distribute their very own copy of the ransomware executable as long as they have a bitcoin address.  For offering this service, the developers of Ransom32 take a 25% cut of all ransom payments and then forward the rest to the bitcoin address an affiliate entered when they joined the affiliate program.


The first Javascript Ransomware

What makes this ransomware unique is that it is the first ransomware programmed entirely in Javascript, HTML, and CSS.  This ransomware uses the NW.js platform that allows developers to create native applications for Linux, Mac, and Windows using HTML5, CSS3, Javascript, and WebGL.  Using NW.js a developer can take their scripts and html and package them into a Chromium executable that when executed automatically runs the embedded JS and HTML.

What makes the Ransom32 RaaS so scary is that JavaScript and HTML are cross-platform and run equally well on Macs and Linux as they do on Windows. This means that with some minor tweaks, the Ransom32 developers could easily make NW.js packages for Linux and Mac computers. Though there does not seem to be any indication that this is being done as of yet, doing so would be trivial.

It is inevitable that ransomware will be created for operating systems other than Windows. Using a platform like NW.js just brings us one step closer.

First Glance:

Ransom32 was first reported by infected users. When Fabian Wosar of Emsisoft and security researcher xXToffeeXx searched for a sample, they stumbled upon the Ransom32 TOR affiliate service. It is very easy for an affiliate to join this RaaS, as all that is needed is a bitcoin address that the affiliate's share of the ransom payment will be sent to.




Once a bitcoin address is submitted, an affiliate will be shown an Affiliate Console where they can see the statistics for their personal distribution campaign and configure various settings on how the ransomware should be executed.





 
This affiliate console will contain statistics that include the number of people that successfully installed the client, the number of people that were shown the lock screen when the encryption was completed, the number of bitcoin transactions to your address, and the amount of ransom payments sent to your payout address.
In the console an affiliate will also be able to configure various settings for how the Ransom32 executable should run.

The listed settings and the Ransom32 developer's descriptions for them are:
BTC amount to ask:  BTC amount to ask. Don't be too greedy or people will not pay.

Fully lock the computer: By default the lockscreen will popup each X seconds after being minimized. You can configure it so the user will not be able to minimize the lock screen. The downside is that will be more difficult for the users to check that their files were truly encrypted and also they will need to find another method to send your Bitcoins as the browser will be blocked too.

Low CPU Usage: Will encrypt files at 0-25% speed while the lock window is not shown, so the process won't be noticeable in the task manager by an advanced user because of high CPU consumption.

Show the lockscreen before encrypting: By default the client will show the lockscreen after encrypting part of the files in the computer (filesize under 50 Mb) and continue encrypting in the background. You can tell it to show the lockscreen right after installing, before encrypting any file in the background. The downside is that if the user tries to check his files just when the window pops in, he will notice that any file has been encrypted (although it is encrypting while is running).

Show a message Box: This box will be shown before installing and before any latent timeout is applied.

Latent Timeout: The client will "wake up", connect to the server and start encrypting after this amount of seconds passed after installing. The client won't connect to the server until it wakes up (more stealth), so you won't notice an install in your stats until this moment. NOTE: The client will not save the latent info as-is. Will be mixed with some data so is not understandable at first sight. Because of this, expect a 0-4 minutes drift to your timeout.



Once an affiliate has configured the ransomware to their liking, they simply need to click on the download button to generate and download their customized copy of Ransom32.  This download is a self-extracting RAR file that weighs in at 22MB and when extracted totals over 67MB. Once the customized ransomware is downloaded, it is up to the affiliate to determine how it should be distributed.
An important feature for any "commerce" campaign is to be able to track its performance. As only a bitcoin address is required to join the affiliate program, it is very easy for an affiliate to track each distribution method's performance by simply using a different address for each campaign.




Encryption Process

The download that is generated by the affiliate is actually a 22MB self-extracting archive that when extracted is over 67MB. When this executable is run, it will extract numerous files into the C:\Users\User\AppData\Roaming\Chrome Browser folder and create a shortcut in the Start Menu's Startup folder called ChromeService so that the ransomware starts at login. The shortcut points to a chrome.exe executable that is actually an NW.js package that contains JavaScript code that will encrypt the victim's data and then display a ransom note.

The files extracted into the Chrome Browser folder are:
  • chrome - The Chromium license agreement.
  • chrome.exe - This is the main executable for the malware and is a packaged NW.js application bundled with Chromium.
  • ffmpegsumo.dll - HTML5 video decoder DLL that is bundled with Chromium.
  • - The settings file that contains various information used by the malware. This information includes the affiliate's ransom amount, bitcoin address that they receive payments on, and error message that is shown in a messagebox if the Show a message Box setting was enabled.
  • icudtl.dat - File used by Chromium
  • locales - Folder containing various language packs used by Chrome.
  • msgbox.vbs - The messagebox displayed if the affiliate enabled the Show a message Box setting.
  • nw.pak - Required for the NW.JS platform.
  • rundll32.exe - Renamed TOR executable so that the malware can communicate with the TOR Command and Control server.
  • s.exe - Renamed Shortcut.exe from OptimumX. This is a legitimate program used by the malware to create the ChromeService shortcut in the Startup folder.
  • u.vbs - A VBS script that deletes a specified folder and its contents.




At first glance, chrome.exe looks suspiciously like a copy of the famous browser "Chrome". The forgery is revealed only by the fact that it has no digital signature and its version information is missing. Further analysis exposes it as a packaged NW.js application.
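A triage check for the on-disk layout described above, as an added example that is not code from this page or from Emsisoft or BleepingComputer. It takes a flat file listing and flags folders by the artefacts the article names; the user `alice`, the sample listing and the `MIN_OVERLAP` threshold are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# File names the article lists in the "Chrome Browser" drop folder.
DROPPED = {"chrome.exe", "nw.pak", "rundll32.exe", "s.exe", "u.vbs",
           "msgbox.vbs", "ffmpegsumo.dll", "icudtl.dat"}
STARTUP_TAIL = ("start menu", "programs", "startup")
MIN_OVERLAP = 5  # assumption: listed names that must co-occur to flag a folder

# Constructed sample listing (hypothetical user "alice"), e.g. from `dir /s /b`.
SAMPLE = [
    r"C:\Windows\System32\rundll32.exe",
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\Users\alice\AppData\Roaming\Chrome Browser\chrome.exe",
    r"C:\Users\alice\AppData\Roaming\Chrome Browser\nw.pak",
    r"C:\Users\alice\AppData\Roaming\Chrome Browser\rundll32.exe",
    r"C:\Users\alice\AppData\Roaming\Chrome Browser\s.exe",
    r"C:\Users\alice\AppData\Roaming\Chrome Browser\u.vbs",
    r"C:\Users\alice\AppData\Roaming\Chrome Browser\msgbox.vbs",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu"
    r"\Programs\Startup\ChromeService.lnk",
]


def find_ransom32_artifacts(paths):
    """Return {folder: [reasons]} for folders matching the article's layout."""
    by_dir = defaultdict(set)
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any OS
        by_dir[p.parent].add(p.name.lower())

    findings = {}
    for folder, names in by_dir.items():
        parts = tuple(part.lower() for part in folder.parts)
        reasons = []
        # Persistence: the ChromeService shortcut in a Startup folder.
        if parts[-3:] == STARTUP_TAIL and "chromeservice.lnk" in names:
            reasons.append("ChromeService.lnk in Startup folder")
        # chrome.exe shipped next to nw.pak is an NW.js package.
        if {"chrome.exe", "nw.pak"} <= names:
            reasons.append("chrome.exe packaged with nw.pak (NW.js)")
        # rundll32.exe belongs under <drive>:\Windows; elsewhere it is a
        # renamed binary (the article says it is the TOR executable).
        if "rundll32.exe" in names and parts[1:2] != ("windows",):
            reasons.append("rundll32.exe outside the Windows directory")
        overlap = names & DROPPED
        if len(overlap) >= MIN_OVERLAP:
            reasons.append(f"{len(overlap)} of {len(DROPPED)} listed file names present")
        if reasons:
            findings[str(folder)] = reasons
    return findings


if __name__ == "__main__":
    for folder, reasons in find_ransom32_artifacts(SAMPLE).items():
        print(folder)
        for reason in reasons:
            print("   -", reason)
```

A hit is a lead for investigation, not a verdict: confirm by checking the digital signature and version information of the flagged chrome.exe, which the article notes are missing on the forgery.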



When encrypting your data, Ransom32 will target only specific file extensions and encrypt them using AES encryption. The targeted file extensions are:

*.jpg, *.jpeg, *.raw, *.tif, *.gif, *.png, *.bmp, *.3dm, *.max, *.accdb, *.db, *.dbf, *.mdb, *.pdb, *.sql, *.*SAV*, *.*SPV*, *.*grle*, *.*MLX*, *.*SV5*, *.*game*, *.*Slot*, *.dwg, *.dxf, *.c, *.cpp, *.cs, *.h, *.php, *.asp, *.rb, *.java, *.jar, *.class, *.aaf, *.aep, *.aepx, *.PLB, *.prel, *.prproj, *.aet, *.ppj, *.psd, *.indd, *.indl, *.indt, *.indb, *.inx, *.idml, *.pmd, *.xqx, *.xqx, *.ai, *.eps, *.ps, *.svg, *.swf, *.fla, *.as3, *.as, *.txt, *.doc, *.dot, *.docx, *.docm, *.dotx, *.dotm, *.docb, *.rtf, *.wpd, *.wps, *.msg, *.pdf, *.xls, *.xlt, *.xlm, *.xlsx, *.xlsm, *.xltx, *.xltm, *.xlsb, *.xla, *.xlam, *.xll, *.xlw, *.ppt, *.pot, *.pps, *.pptx, *.pptm, *.potx, *.potm, *.ppam, *.ppsx, *.ppsm, *.sldx, *.sldm, *.wav, *.mp3, *.aif, *.iff, *.m3u, *.m4u, *.mid, *.mpa, *.wma, *.ra, *.avi, *.mov, *.mp4, *.3gp, *.mpeg, *.3g2, *.asf, *.asx, *.flv, *.mpg, *.wmv, *.vob, *.m3u8, *.csv, *.EFX, *.sdf, *.vcf, *.xml, *.ses, *.dat


Notice how Ransom32 also uses wildcards in the targeted file extensions. This allows the program to target a greater variety of extensions. For example, with the .*sav* extension, not only will .sav files be targeted, but files ending with .save, .gamesave, or .mysaves will be encrypted as well. When encrypting data files, it does not rename a victim's files and will not encrypt any files located in the following folders:

  • :\Windows\
  • :\winnt\
  • ProgramData\
  • boot\
  • temp\
  • tmp\
  • $RECYCLE.BIN\


When it has finished encrypting your data it will display the Ransom32 ransom lock screen/ransom note as shown below.

 

The Ransom32 lock screen will display information that tells the victim what has happened to their files, how to pay the ransom, the ransom amount, and the bitcoin address a ransom payment is sent to. The language used by the lock screen is shown in either English or Spanish, with the default appearing to be English. Last, but not least, this screen allows you to decrypt one file for free to prove that it can be done.


Files are encrypted with AES (Advanced Encryption Standard) using a 128-bit key in CTR mode. A new key is generated for each file. That key is in turn encrypted with the RSA algorithm, using a public key that was retrieved in the first communication with the C2 server.

Excerpt from the protocol exchange between Ransom32 and the C2 server to exchange the Bitcoin address (violet) and the public key (length in yellow, key in green).

The encrypted AES key is stored together with the AES-encrypted data in the now-encrypted file.

The malware also offers to decrypt a single file to prove to the victim that the malware developer can actually reverse the encryption. For this purpose it sends the encrypted AES key of the selected file to the C2 server, which then sends back the decrypted AES key for the file.
  


Files installed by Ransom32:



Unfortunately, at this time there is no known way to decrypt the files for free, but if anything changes we will post about it here.


Source: Emsisoft & BleepingComputer