1  |  2  |  3  |  4  |  5  |  6  |  7  |  8  |  9  |  10  |  11  |  12  |  13  |  14  |  15  |  16  |  17  |  18  |  19  |  20  |  21  |  22  |  23  |  24  |  25  |  26  |  27  |  28  |  29  |  30  |  31  |  32  |  33  |  34  |  35  |  36  |  37  |  38  |  39  |  40  |  41  |  42  |  43  |  44  |  45  |  46  |  47  |  48  |  49  |  50  |  51  |  52  |  53  |  54  |  55  |  56  |  57  |  58  |  59  |  60  |  61  |  62  |  63  |  64  |  65 

November 01, 2013

BadBIOS, the malware of the apocalypse

DEBUNKED. Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps | Ars Technica
Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn't know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours. In the following months, Ruiu observed more odd phenomena that seemed straight out of a science-fiction thriller. A computer running the Open BSD operating system also began to modify its settings and delete its data without explanation or prompting. His network transmitted data specific to the Internet's next-generation IPv6 networking protocol, even from computers that were supposed to have IPv6 completely disabled. Strangest of all was the ability of infected machines to transmit small amounts of network data with other infected machines even when their power cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards were removed. Further investigation soon showed that the list of affected operating systems also included multiple variants of Windows and Linux. "We were like, 'Okay, we're totally owned,'" Ruiu told Ars. "'We have to erase all our systems and start from scratch,' which we did. It was a very painful exercise. I've been suspicious of stuff around here ever since." In the intervening three years, Ruiu said, the infections have persisted, almost like a strain of bacteria that's able to survive extreme antibiotic therapies. Within hours or weeks of wiping an infected computer clean, the odd behavior would return. The most visible sign of contamination is a machine's inability to boot off a CD, but other, more subtle behaviors can be observed when using tools such as Process Monitor, which is designed for troubleshooting and forensic investigations. Another intriguing characteristic: in addition to jumping "airgaps" designed to isolate infected or sensitive machines from all other networked computers, the malware seems to have self-healing capabilities. . . . Ruiu posited another theory that sounds like something from the screenplay of a post-apocalyptic movie: "badBIOS," as Ruiu dubbed the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps. . . .

Hackers used fake LinkedIn account to infiltrate government agency, get work laptop, VPN credentials

This is a really impressive feat of hacking. Government agency compromised by fake Facebook hottie | ZDNet
Using social media profiles and a photo of a real (and consenting) woman, two hackers fooled a government employer into believing she was an employee, conning them out of a company laptop, network credentials, and more. They used "her" Facebook and LinkedIn connections to send out holiday cards linked to an attack site, which the government employees visited, and scammed one employee into sending her a work laptop - as well as network access credentials and more, such as SalesForce logins. Robin Sage Emily Williams The researchers used the imaginary pretty girl's poisoned holiday e-cards to gain administrative rights, obtain passwords, install applications and stole documents with sensitive information - some of which, according to the hackers, included information about state-sponsored attacks and country leaders. Miss Emily Williams - run by puppetmasters security researchers Aamir Lakhani and Joseph Muniz - even convinced a security team executive to click a javascript exploit masquerading as a birthday card, thus compromising his laptop. . . .