Tag Archives: which

New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

It’s been a terrible new-year-starting for Intel.

Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally.

As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate laptops remotely.

Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user’s device in less than 30 seconds.

AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers for better controlling their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organisation.

The bug allows anyone with physical access to the affected laptop to bypass the need to enter login credentials—including user, BIOS and BitLocker passwords and TPM pin codes—enabling remote administration for post-exploitation.

In general, setting a BIOS password prevents an unauthorised user from booting up the device or making changes to the boot-up process. But this is not the case here.

The password doesn’t prevent unauthorised access to the AMT BIOS extension, thus allowing attackers access to configure AMT and making remote exploitation possible.

Although researchers have discovered some severe AMT vulnerabilities in the past, the recently discovered issue is of particular concern because it is:

  • easy to exploit without a single line of code,
  • affects most Intel corporate laptops, and
  • could enable attackers to gain remote access to the affected system for later exploitation.

“The attack is almost deceptively simple to enact, but it has incredible destructive potential,” said F-Secure senior security researcher Harry Sintonen, who discovered the issue in July last year.

“In practice, it can give a local attacker complete control over an individual’s work laptop, despite even the most extensive security measures.”

According to the researchers, the newly discovered bug has nothing to do with the Spectre and Meltdown vulnerabilities recently found in the microchips used in almost all PCs, laptops, smartphones and tablets today.

Here’s How to Exploit this AMT Issue

To exploit this issue, all an attacker with physical access to a password (login and BIOS) protected machine needs to do is reboot or power-up the targeted PC and press CTRL-P during boot-up, as demonstrated by researchers at F-Secure in the above video.

The attacker then can log into Intel Management Engine BIOS Extension (MEBx) with a default password.

Here, the default password for MEBx is “admin,” which most likely remains unchanged on most corporate laptops.

Once logged in, the attacker can then change the default password and enable remote access, and even set AMT’s user opt-in to “None.”

Now, since the attacker has backdoored the machine efficiently, he/she can access the system remotely by connecting to the same wireless or wired network as the victim.

Although exploiting the issue requires physical access, Sintonen explained that the speed and time at which it can be carried out makes it easily exploitable, adding that even one minute of a distraction of a target from its laptop is enough to do the damage.

Attackers have identified and located a target they wish to exploit. They approach the target in a public place—an airport, a café or a hotel lobby—and engage in an ‘evil maid’ scenario,” Sintonen says.

Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn’t require a lot of time—the whole operation can take well under a minute to complete.

Along with CERT-Coordination Center in the United States, F-Secure has notified Intel and all relevant device manufacturers about the security issue and urged them to address it urgently.

Meanwhile, users and IT administrators in an organisation are recommended to change the default AMT password of their device to a strong one or disable AMT if this option is available, and never leave their laptop or PC unattended in a public place.

[Bug] macOS High Sierra App Store Preferences Can Be Unlocked Without a Password

macOS-high-sierra-password-unlock

Yet another password vulnerability has been uncovered in macOS High Sierra, which unlocks App Store System Preferences with any password (or no password at all).

A new password bug has been discovered in the latest version of macOS High Sierra that allows anyone with access to your Mac to unlock App Store menu in System Preferences with any random password or no password at all.

The impact of this vulnerability is nowhere as serious as the previously disclosed root login bug in Apple’s desktop OS that enabled access to the root superuser account simply by entering a blank password on macOS High Sierra 10.13.1.

As reported on Open Radar earlier this week, the vulnerability impacts macOS version 10.13.2 and requires the attacker to be logged in with an administrator-level account for this vulnerability to work.

I checked the bug on my fully updated Mac laptop, and it worked by entering a blank password as well as any random password.

If you’re running latest macOS High Sierra, check yourself:

  • Log in as a local administrator
  • Go to System Preferences and then App Store
  • Click on the padlock icon (double-click on the lock if it is already unlocked)
  • Enter any random password (or leave it blank) in login window
  • Click Unlock, Ta-da!

Once done, you’ll gain full access to App Store settings, allowing you to modify settings like disabling automatic installation of macOS updates, app updates, system data files and even security updates that would patch vulnerabilities.

We also tried to reproduce the same bug on the latest developer beta 4 of macOS High Sierra 10.13.3, but it did not work, suggesting Apple probably already knows about this issue and you’ll likely get a fix in this upcoming software update.

What’s wrong with password prompts in macOS? It’s high time Apple should stop shipping updates with such an embarrassing bug.

Apple also patched a similar vulnerability in October in macOS, which affected encrypted volumes using APFS wherein the password hint section was showing the actual password of the user in the plain text.

CVE-2017-12623

CVE-2017-12623 : An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML Extern

CVEdetails.com the ultimate security vulnerability data source

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Publish Date : 2017-10-10 Last Update Date : 2017-11-05


CVSS Scores & Vulnerability Types

CVSS Score

4.0

Confidentiality Impact Partial
(There is considerable informational disclosure.)
Integrity Impact None
(There is no impact to the integrity of the system)
Availability Impact None
(There is no impact to the availability of the system.)
Access Complexity Low
(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Single system
(The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access None
Vulnerability Type(s)
CWE ID 611


Products Affected By CVE-2017-12623


Number Of Affected Versions By Product


References For CVE-2017-12623


Metasploit Modules Related To CVE-2017-12623

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Wait, Do You Really Think That’s A YouTube URL? Spoofing Links On Facebook

facebook-link-spoofing

While scrolling on Facebook how you decide which link/article should be clicked or opened?

Facebook timeline and Messenger display title, description, thumbnail image and URL of every shared-link, and this information are enough to decide if the content is of your interest or not.

Since Facebook is full of spam, clickbait and fake news articles these days, most users do not click every second link served to them.

But yes, the possibility of opening an article is much higher when the content of your interest comes from a legitimate and authoritative website, like YouTube or Instagram.

However, what if a link shared from a legitimate website lands you into trouble?

Even before links shared on Facebook could not be edited, but to stop the spread of misinformation and false news, the social media giant also removed the ability for Pages to edit title, description, thumbnail image of a link in July 2017.

However, it turns out that—spammers can spoof URLs of the shared-links to trick users into visiting pages they do not expect, redirecting them to phishing or fake news websites with malware or malicious content.

Discovered by 24-year-old security researcher Barak Tawily, a simple trick could allow anyone to spoof URLs by exploiting the way Facebook fetch link previews.

In brief, Facebook scans shared-link for Open Graph meta tags to determine page properties, specifically ‘og:url’, ‘og:image’ and ‘og:title’ to fetch its URL, thumbnail image and title respectively.

facebook security

Interestingly, Tawily found that Facebook does not validate if the link mentioned in ‘og:url’ meta tag is same as the page URL, allowing spammers to spread malicious web pages on Facebook with spoofed URLs by just adding legitimate URLs in ‘og:url’ Open Graph meta tag on their websites.

“In my opinion, all Facebook users think that preview data shown by Facebook is reliable, and will click the links they are interested in, which makes them easily targeted by attackers that abuse this feature in order to perform several types of attacks, including phishing campaigns/ads/click fraud pay-per-click,” Tawily told The Hacker News.

Tawily reported the issue to Facebook, but the social media giant refused to recognise it as a security flaw and referred that Facebook uses “Linkshim” to protect against such attacks.

If you are unaware, every time a link is clicked on Facebook, a system called “Linkshim” checks that URL against the company’s own blacklist of malicious links to avoid phishing and malicious websites.

This means if an attacker is using a new domain for generating spoofed links, it would not be easy for Linkshim system to identify if it is malicious.

Although Linkshim also uses machine learning to identify never-seen-before malicious pages by scanning its content, Tawily found that the protection mechanism could be bypassed by serving non-malicious content explicitly to Facebook bot based on User-Agent or IP address.

Tawily has also provided a demo video to show the attack in action. You can watch the video above.

Since there is no way to check the actual URL behind a shared link on Facebook without opening it, there is a little user can do to protect themselves except being vigilant.

Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID Password

apple-id-phishing-attack

Can you detect which one of the above screens—asking an iPhone user for iCloud password—is original and which is fake?

Well, you would agree that both screenshots are almost identical, but the pop-up shown in the second image is fake—a perfect phishing attack that can be used to trick even the most careful users on the Internet.

Felix Krause, an iOS developer and founder of Fastlane.Tools, demonstrated an almost impossible to detect phishing attack that explains how a malicious iOS app can steal your Apple ID password to get access to your iCloud account and data.

According to an alarming blog post published on Tuesday by Krause, an iOS app can just use “UIAlertController” to display fake dialog boxes to users, mimicking the look and feel of Apple’s official system dialogue.

Hence, this makes it easier for an attacker to convince users into giving away their Apple ID passwords without any degree of suspicion.

iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates or iOS apps that are stuck during installation. As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so,” Krause said.

However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, Game Center or In-App-Purchases.

Moreover, it is even possible for app developers to generate fake alerts without knowing user’s email address because Apple also does that sometimes, as shown below:

apple-id-phishing-attacks

Although there is no evidence of malicious attackers exploiting this phishing trick, Krause says it is “shockingly easy to replicate the system dialog,” allowing any malicious app to abuse this behaviour.

For security reasons, the developer has decided not to include the actual source code of the popup while demonstrating the attack.

Here’s How you can Prevent Against Such Clever Phishing Attacks

In order to protect yourself from such clever phishing attacks, Krause suggested users hit “Home” button when they are displayed such suspicious boxes.

If hitting Home button closes both the app, over which it appeared, and the dialog box disappears, then it was a phishing attack.
If the dialog and the app are still there, then it is an official system dialog by Apple.

“The reason for that is that the system dialogs run on a different process, and not as part of any iOS app,” the developer explained.

Krause also advised users to avoid entering their credentials into any popup and instead open the Setting app manually and enter the credentials there—just like users are always encouraged to not click on any links they receive via an email and instead go to the legitimate website manually.

Most importantly, always use 2-factor authentication, so even if attackers gain access to your password, they still need to struggle for the OTP (one-time passcode) that you receive on your mobile device.

Powered by WPeMatico

Fappening 2017: More Celebrity Nude Photos Hacked and Leaked Online

Fappening

It seems like celebrities have not taken their security seriously, which once again resulted in the leaking of nude and personal photographs of more a-listed celebrities.

Dozens of personal and intimate photos of Anne Hathaway, Miley Cyrus, Kristen Stewart, Katharine McPhee, golfer Tiger Woods and his ex Lindsey Vonn have reportedly been surfaced on the Internet, and have widely been shared on Reddit, Tumblr and Twitter.

The incident comes a few months after “The Fappening 2.0” surfaced, leaking alleged pictures of many female celebrities, including Emma Watson and Amanda Seyfried on Reddit and 4chan.

The latest release of celebs private photos seems to have come after an unidentified hacker or group of hackers has gained access to celebs’ Apple iCloud accounts and stolen private iPhone photos and videos.

A similar trick was used in the 2014 Fappening incident, where anonymous hackers flooded the Internet with private photographs of major celebrities, including Jennifer Lawrence, Kim Kardashian, Kate Upton and Kirsten Dunst.

Apple responded to the 2014 hack by pledging to bolster iCloud security, and the Fappening 2014 hackers have since been sent to prison.

Miley Cyrus, Anne Hathaway, Amanda Seyfried, Demi Lovato, Lucy Hale, Kate Hudson, Rose McGowan, Rosario Dawson, Suki Waterhouse and Alison Brie, and much more are just the latest victims adds to the long list of affected celebrities.

The compromised images were posted on the Celeb Jihad website, and the celebrities’ lawyers are reported to be actively working to get those pictures taken off, but they are now being copied and shared across the internet.

The 2014 Fappening hackers used phishing to trick celebrities into entering their iCloud account credentials into bogus ‘security’ websites and then accessed private photographs and videos of more than 300 victims.

However, it is unclear what attack vector attackers used in the latest hack to broke into celebrities’ iCloud accounts.

How To Keep Your Private Photos Private

If you are looking for the best way to keep your photos off the Internet, the simplest solution to this is—Don’t click them and store them insecurely. But if you do so, there are a few steps that you can follow to minimise the risk:

  • Do not click on any suspicious links or attachments in the email you received.
  • When in doubt, contact the sender to confirm that he or she sent the email to you or not.
  • Never provide your personal or financial information through an email to anyone.
  • No service, be it Google, Apple, or Microsoft, ever asks for your password or any other sensitive personal information over an email.
  • It’s always a good idea to regularly update your passwords and security questions.
  • Enable two-factor authentication on your accounts and always choose a strong and different password for all your accounts. If you are unable to create and remember different passwords for each site, you can use a good password manager.

Powered by WPeMatico

‘Shadow Brokers’ Threatens to Unmask A Hacker Who Worked With NSA

shadow-brokers-nsa-hacker

The Shadow Brokers, a notorious hacking group that leaked US cyberweapons — which were also abused by the recent ransomware disasters WannaCry and Petya or NotPetya — has now threatened to unmask the identity of a former hacker who worked for the NSA.

Besides this, the Shadow Brokers group has also doubled the price for its monthly subscription model of NSA’s built hacking tools and zero-day exploits from 100 ZEC (Zcash) to 200 ZEC, which is around $64,400 USD.

Moreover, the hacking group has also announced a VIP service for people, who will be entertained by the group for their queries on the leaked hacking tools and exploits.

To subscribe to the VIP service, one has to make a one-time payment of 400 ZEC (around US$128,800).

Last month, the Shadow Brokers announced to release more zero-days exploits and hacking tools developed by the US spy agency every month from June 2017, but only to private members who will subscribe for receiving exclusive access to the future leaks.

The Shadow Brokers’ June data dump costs 100 ZEC, but after looking at successful growth in the number of subscribers for this month, the group said it is raising the price for the next month’s subscription.

Threatens to Unmask Equation Group Hacker

In typically broken English, the mysterious hacking group threatened to unmask a former member of the NSA’s elite hacking group called Equation Group, who developed several hacking tools to break into Chinese organizations.

The Shadow Brokers did not reveal much about the former Equation Group member, except that the person is living in Hawaii and currently a “co-founder of a new security company and is having much venture capital.”

The group, who called the NSA Equation Group member as “doctor,” threatened because of his/her “ugly tweets” targeting the Shadow Brokers.

“TheShadowBrokers is having special invitation message for ‘doctor’ person theshadowbrokers is meeting on Twitter. ‘Doctor’ person is writing ugly tweets to theshadowbrokers,” the group said. “Then doctor person is deleting ugly tweets, maybe too much drinking and tweeting?” 

“TheShadowBrokers is hoping ‘doctor’ person is deciding to subscribe to dump service in July. If theshadowbrokers is not seeing subscription payment with corporate email address of doctor@newsecuritycompany.com then theshadowbrokers might be taking tweets personally and dumping data of ‘doctor’ persons hacks of China with real id and security company name.”

Well, that’s enough of a threat.

Since June is going to end, it seems like the Shadow Brokers subscribers who paid in June will start receiving zero-day exploit and hacking tools from the first week of July.

Although what the June dump would contain is not clear at the moment, the group’s last announcement claimed that the upcoming data dump would include:

  • Compromised data from banks and Swift providers.
  • Exploits for operating systems, including Windows 10.
  • Exploits for web browsers, routers, and smartphones.
  • Stolen network information from Russian, Chinese, Iranian, and North Korean nuclear missile programs.

You can follow The Hacker News (on Facebook or Twitter) to receive the threat latest updates immediately.

Powered by WPeMatico

NSA Opens Github Account — Lists 32 Projects Developed by the Agency

nsa-github-projects

The National Security Agency (NSA) — the United States intelligence agency which is known for its secrecy and working in the dark — has finally joined GitHub and launched an official GitHub page.

The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes, gather intelligence on everyone, and develop hacking tools like EternalBlue that was leaked by the Shadow Brokers in April and abused by the WannaCry ransomware last month to wreak havoc worldwide.

The intelligence agency mostly works in secret, but after Edward Snowden leaks in 2013, the NSA has started (slowly) opening itself to the world. It joined Twitter in the same year after Snowden leaks and now opened a Github account.

GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are ‘coming soon.’

“The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace,” the agency wrote on the program’s page

“OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community’s enhancements to the technology.”

Many of the projects the agency listed are years old that have been available on the Internet for some time. For example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years.

Some of the NSA’s open source projects are listed below:

  • Certificate Authority Situational Awareness (CASA): A Simple tool that Identifies unexpected and prohibited certificate authority certificates on Windows systems.
  • Control Flow Integrity: A hardware-based technique to prevent memory corruption exploitations.
  • GRASSMARLIN: It provides IP network situational awareness of ICS and SCADA networks to support network security.
  • Open Attestation: A project to remotely retrieve and verify system integrity using Trusted Platform Module (TPM).
  • RedhawkSDR: It is a software-defined radio (SDR) framework that provides tools to develop, deploy, and manage software radio applications in real-time.
  • OZONE Widget Framework (OWF): It is basically a web application, which runs in your browser, allows users to create lightweight widgets and easily access all their online tools from one location.

You can check out the full list of NSA’s projects here.

Powered by WPeMatico

CVE-2017-7662

CVE-2017-7662 : Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple

CVEdetails.com the ultimate security vulnerability data source

Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.

Publish Date : 2017-05-16 Last Update Date : 2017-05-25


CVSS Scores & Vulnerability Types

CVSS Score

6.8

Confidentiality Impact Partial
(There is considerable informational disclosure.)
Integrity Impact Partial
(Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact Partial
(There is reduced performance or interruptions in resource availability.)
Access Complexity Medium
(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication Not required
(Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) CSRF
CWE ID 352


Products Affected By CVE-2017-7662


Number Of Affected Versions By Product


References For CVE-2017-7662


Metasploit Modules Related To CVE-2017-7662

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is
MITRE’s CVE web site.

CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is
MITRE’s CWE web site.

OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is
MITRE’s OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties, implied or otherwise, with regard to this information or its use.
Any use of this information is at the user’s risk.
It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content.
EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site.
ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT,
INDIRECT or any other kind of loss.

Powered by WPeMatico

Microsoft Unveils Special Version of Windows 10 For Chinese Government

windows-10-china-government-edition

China is very strict about censorship, which is why the country has become very paranoid when it comes to adopting foreign technologies.

The country banned Microsoft’s Windows operating system on government computers in 2014 amid concerns about security and US surveillance.

Even in the wake of that, China had been pushing its custom version of Windows XP and its forked version of Ubuntu Linux.

To deal with this issue and target the world’s largest market, Microsoft’s CEO for the Greater China region last year confirmed that the company was working on a Chinese version of Windows 10 that included “more management and security controls” and less bloatware.

Now, Microsoft has just announced a new version of its Windows 10, which is now ready for Chinese government agencies to use.

In its event in Shanghai on Tuesday, Microsoft announced Windows 10 China Government Edition specifically designed for the Chinese government.The OS is based on Windows 10 Enterprise Edition, but with a few tweaks to keep Chinese officials happy.

Windows 10 Enterprise Edition already provides several security, identity, and manageability features governments and enterprises need, but Windows 10 China Government Edition will let the country use the management feature to monitor and deploy updates as needed, manage telemetry, and use its own encrypted algorithms.

Designed to work with Chinese Encryption Algorithms

Microsoft enables the Chinese government to use its own encrypted algorithms in its Windows 10 China Government Edition in order to secure data that they do not want others to see.

Allows to Remove Unwanted Apps

The Chinese version of Windows 10 does not allow access to features that are not needed by Chinese government employees like Microsoft’s OneDrive service that let people store their documents and files on Microsoft-controlled data centers.

Apparently, the Chinese officials don’t want anyone to access their data, so they will keep their data locked down on their own computers in an attempt to have full control over it.

Manage Telemetry Data Collection & Updates

The last year’s outcry over Microsoft’s silent slurping of telemetry data from users’ computers might have made the Chinese officials ask for the control over telemetry of its China version of Windows, preventing Microsoft to collect data on its citizen.

So basically, all Windows 10 users around the world do not have any option to turn off telemetry, but the Chinese government could do so.

“For more than two decades, Microsoft has had the distinct honor to work in China, learning and advancing technology together,” executive vice president Terry Myerson writes on the Windows 10 Blog. 

“Over the last two years, we have earnestly cooperated with the Chinese government on the security review of Windows 10. The Chinese government has the highest standards for security.”

A release date for the Windows 10 China Government Edition have not yet announced, but three Chinese government groups have already announced their plans to adopt Windows 10 China Government Edition.

These three government groups are China Customs, Westone Information Technology and the City of Shanghai on the national, state-owned and regional enterprise levels, respectively.

Besides this, Lenovo has also announced its plans to be the first OEM partner to have devices that come preinstalled with Windows 10 China Government Edition.

Powered by WPeMatico