
Lojack (formerly CompuTrace) Becomes a Double-Agent

ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains. The InfoSec community and the U.S. government have both attributed Fancy Bear activity to Russian espionage activity. Fancy Bear actors typically choose geopolitical targets, such as governments and international organizations. They also target industries that do business with such organizations, such as defense contractors. Lojack, formerly known as Computrace, is a legitimate laptop recovery solution used by a number of companies to protect their assets should they be stolen. Lojack makes an excellent double-agent due to appearing as legit software while natively allowing remote code execution. Although the initial intrusion vector for this activity remains unknown, Fancy Bear often utilizes phishing email to deliver payloads.

https://asert.arbornetworks.com/lojack-becomes-a-double-agent/

Wikipedia on LoJack: “Analysis of Computrace by Kaspersky Lab shows that in rare cases, the software was preactivated without user authorization. The software agent behaves like a rootkit (bootkit), reinstalling a small installer agent into the Windows OS at boot time. This installer later downloads the full agent from Absolute’s servers via the internet. This installer (small agent) is vulnerable to certain local attacks[8][9] and attacks from hackers who can control network communications of the victim.”

https://en.wikipedia.org/wiki/LoJack_for_Laptops

https://www.absolutelojack.com/features/

 


Absolute introduces Absolute Reach

https://www.brighttalk.com/webcast/14813/272099

https://www.absolute.com/en/resources/datasheets/reach

https://www.absolute.com/en/resources/videos/product/reach

Absolute Reach™ is a flexible endpoint security feature within the Absolute Platform that gives you the power to execute custom discovery, compliance, and remediation tasks across 100% of your endpoints on-demand, anytime or anywhere:

• Assess and enhance security posture: Always-on visibility and control—on and off the network
• Eliminate blind spots: Remediate known vulnerabilities on the spot
• Gather precise insights from any endpoint: Evaluate risk and prove compliance
• Remediate with lightning speed: Script once. Deploy everywhere
• Validate delivery for compliance assurance: Receive confirmation of successful delivery and execution

 


Absolute seeks OEM Business Development Director

It is an exciting time for the Absolute and Microsoft partnership! Absolute’s placement in Windows device firmware provides a truly unique position within the Microsoft partner ecosystem. We continue to strengthen this relationship by opening new doors of engagement through our recent product integration announcements. To further support the relationship, we are looking for a tenured Business Development Director[…]

http://jobs.jobvite.com/absolute/job/oarf5fwF


Absolute included in new Microsoft Surface devices

Excerpt from press release:

Absolute to Support New Microsoft Surface Pro 4 and Surface Book

Absolute(R) Software Corporation today announced support for the upcoming Microsoft(R) Surface Pro 4 and Surface Book devices. Persistence(R) technology by Absolute will be embedded into the firmware of these devices at the factory. Once activated, Absolute Data & Device Security (formerly Absolute Computrace(R)) will deliver a reliable two-way connection with all endpoints, regardless of user or location, enabling IT to maintain control of these devices and the data they contain.

Full press release:
https://www.absolute.com/en/about/pressroom/press-releases/2015/absolute-to-support-new-microsoft-surface-pro-4-and-surface-book


European agreement for Absolute and Lenovo

The Canadian ISV/IHV Absolute Software Corporation is working with the European branch of the Chinese OEM Lenovo to apply CompuTrace — now called Absolute(R) — silicon/firmware-level tracking technology within Europe. Excerpt of press release:

Absolute Collaborates with Lenovo EMEA to Introduce European Factory Activation

Absolute Software Corporation, the industry standard for persistent endpoint security and data risk management solutions, today announced the Company has entered into an agreement with Lenovo EMEA to introduce European factory activation of Absolute Data & Device Security (DDS) (formerly Absolute Computrace). Under this agreement, Lenovo EMEA will incorporate the automated deployment of Absolute DDS, (which will trigger the activation of Persistence technology by Absolute) through Lenovo’s Imaging Technology Center for its European customers. As part of this factory image, customers can opt to load and activate Absolute DDS onto all of their Lenovo devices before shipment.

“Many of our enterprise customers want their Lenovo devices to be protected while in transit. By installing Absolute DDS and activating Persistence technology, our customers will be able to secure these endpoints before they leave the factory,” said Stefan Larsen, EMEA business development manager, Lenovo. “This agreement also allows our customers to reduce the resources spent on configuring and imaging devices, without compromising best-in-class security.”

“Lenovo’s Imaging Technology Center delivers a customized, out-of-the-box experience for its enterprise customers,” said Geoff Haydon, chief executive officer, Absolute. “We are excited to expand our participation in this program to Lenovo customers in Europe. This agreement represents a tremendous opportunity for us to strengthen our position in the region.”

More information:

https://www.absolute.com/en/about/pressroom/press-releases/2015/absolute-collaborates-with-lenovo-emea-to-introduce-european-factory-activation

So, some of Lenovo’s enterprise customers are concerned about new computers being stolen or otherwise manipulated before they leave the factory? Who can attack OEM systems at this point in the system? Is this just an issue for Lenovo, or do other OEMs’ enterprise customers also have this kind of concern? How does this new Absolute/Lenovo change impact an attacker’s ability to attack a system before the hardware comes to Europe and Persistence technology gets activated?

I wish OEMs would give me the OPTION to have this feature, not presume all of their systems are sold to enterprises. I wish someone would maintain a list of modern CompuTrace-free systems, for non-enterprise citizens who don’t want it installed, as it is useless, since CompuTrace is only available to enterprises. It seems that their compatibility lists include nearly all modern OEM systems. Hmm, does Purism or Novena have it? Did the old Thinkpads — that are being refurbished with Libreboot and resold by 2 companies — have it?


Absolute divests some assets to HEAT

Absolute Software, makers of the Persistence(TM) silicon/firmware tracking technology, is selling off some of its products to focus on its core security business.

HEAT Software, a global provider of Hybrid Service Management and Unified Endpoint Management (UEM) solutions for organizations of all sizes, today announced that it has reached a definitive agreement to acquire the assets and operations related to Absolute Manage and Absolute Service from Absolute Software Corporation. HEAT Software is a portfolio company of Clearlake Capital Group.

Absolute Software Corporation (TSX: ABT) today announced that it has signed a definitive agreement with HEAT Software for the sale of the assets and operations related to Absolute Manage(R) and Absolute Service, its computer lifecycle management and IT service management businesses. The transaction is subject to the satisfaction of normal closing conditions and is expected to close in early October, 2015. After the transaction closes, Absolute will work closely with HEAT Software to ensure a smooth transition and uninterrupted service to existing Absolute Manage and Absolute Service customers.

“We are pleased with the terms of this agreement and are incredibly excited for the future of our business,” said Geoff Haydon, chief executive officer, Absolute. “This divestiture enables us to singularly focus on our core information security business. With the ability to focus resources and investments on our adaptive endpoint security solutions, we are favorably positioned to accelerate our technology roadmap, extend our unique persistence platform, and strengthen our market leadership in this important segment globally.”

https://www.absolute.com/en/about/pressroom/press-releases/2015/absolute-announces-sale-of-absolute-manage-and-absolute-service
http://www.heatsoftware.com/news/press-releases/heat-software-acquire-absolute-manage-and-absolute-service-businesses-absolute

http://www.clearlakecapital.com/portfolio.html

https://www.absolute.com/en/partners/compatibility
https://www.absolute.com/en/about/persistence
