HackDig : Dig high-quality web security articles for hacker

Millions of Macs open to EFI Firmware Hacks even if they are up-to-date

A group of researchers with Duo Security demonstrated that millions of Up-to-Date Apple Macs are vulnerable to EFI Firmware attacks. In 2015, the security researcher Trammell Hudson demonstrated at the Chaos Computer Congress in Hamburg, how it is possible to infect Apple Mac PCs exploiting the Thunderbolt port. Since the disclosure of the attack against th
Publish At:2017-10-01 02:25 | Read:677 | Comments:0 | Tags:Breaking News Hacking Reports Apple bootkit EFI hack OS X Th

Persistent Financial Malware ‘Nemesis’ Targets Boot Record

A group of attackers are behind a strain of payment card malware that has bootkit functionality, something that makes it very difficult to detect, much less remove.“FIN1,” the group behind the malware, appears to be based in Russia, according to researchers at both FireEye and Mandiant who described the group on Monday. The two firms uncovered th
Publish At:2015-12-07 18:05 | Read:1927 | Comments:0 | Tags:Malware Bootkit Bootkit functionality FireEye malware MANDIA

I am HDRoot! Part 2

Some time ago while tracking Winnti group activity we came across a suspicious 64-bit sample. It was a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. Once installed the bootkit infects the operating system with a backdoor at the early booting stage. The principles of this bootkit’s work, named HDRoot, have been descr
Publish At:2015-10-13 07:15 | Read:1533 | Comments:0 | Tags:Analysis Featured Publications APT Bootkit Cyber espionage D

I am HDRoot! Part 1

Some time ago while tracking Winnti group activity we came across an intriguing sample. MD5 Size Linker Compiled on 2C85404FE7D1891FD41FCEE4C92AD305 241’904 10.00 2012-08-06 16:12:29 Property Value CompanyName Microsoft Corporation FileDescription Net Command FileVersion 6.1.7600.16385 (win7_rtm.090713-1255) InternalName net.exe LegalCopyright ©
Publish At:2015-10-06 01:45 | Read:2765 | Comments:0 | Tags:Analysis Featured Publications APT Bootkit Cyber espionage D

Thunderstrike 2 OS X Firmware Attack Self-Replicates to Peripherals

A new attack against Intel firmware running in Apple computers is expected to be unveiled at this week’s Black Hat conference. The research is an extension of the Thunderstrike Mac OS X firmware bootkit disclosed this spring that enables the undetectable installation of malicious firmware that survives reboots and operating system reinstallations.Thund
Publish At:2015-08-03 22:45 | Read:1155 | Comments:0 | Tags:Apple Black Hat Hacks Malware Vulnerabilities Web Security a

POC Shows Mac OS X UEFI Attacks Are Possible; What Does This Mean for Mac Users?

A critical Mac vulnerability was discovered by OS X security researcher Pedro Vilaca last week. According to his research, any attacker can disable the BIOS lock just by taking advantage of a flaw in Apple’s S3 sleep state (more known as ‘standby mode’) suspend-resume implementation. Once an attacker does this, he can install bootkit malware onto
Publish At:2015-06-09 19:25 | Read:1792 | Comments:0 | Tags:Mac Malware Apple BIOS bootkit OS X UEFI

Mac zero-day makes rootkit infection very easy

A security researcher discovered a zero-day vulnerability in many Mac firmware that could allow an easy installation of an EFI rootkits. The cyber security expert Pedro Vilaça has discovered a low-level zero-day vulnerability in Apple Mac systems that could be exploited by privileged users to more install an EFI rootkits. Vila
Publish At:2015-06-01 20:55 | Read:1655 | Comments:0 | Tags:Breaking News Hacking Apple bootkit Chaos Computer Congress

Thunderstrike Patch Slated for New OS X Build

In addition to patching the three Project Zero vulnerabilities disclosed last week, Apple is apparently readying a fix for the Thunderstrike boot attack as well, something that will purportedly rid all Macs running Yosemite of the issue.All of the vulnerabilities have reportedly been fixed in Yosemite 10.10.2, the next build of the OSX, currently in beta and
Publish At:2015-01-27 03:55 | Read:2358 | Comments:0 | Tags:Apple Vulnerabilities Apple OS X Apple patches Bootkit Explo

First Public Mac OS X Firmware Bootkit Unleashed

A vulnerability at the heart of Apple’s Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac.The research is the work of a reverse engineering hobbyist and security researcher named Tramme
Publish At:2015-01-08 21:25 | Read:2068 | Comments:0 | Tags:Apple Hacks Vulnerabilities 31C3 apple Apple EFI firmware Ap

CERT CC warns about critical flaws in UEFI implementations

The Carnegie Mellon University CERT/CC warned about the presence of serious vulnerabilities in the Unified Extensible Firmware Interface (UEFI). The CERT/CC has issued three different advisories for security flaws identified in the Unified Extensible Firmware Interface (UEFI). The Unified Extensible Firmware Interface (UEFI) (
Publish At:2015-01-07 17:35 | Read:1739 | Comments:0 | Tags:Hacking Security Apple bootkit CERT/CC Chaos Computer Congre

Thunderstrike hack – Infecting Apple Mac with EFI Bootkit

A security researcher has presented a technique dubbed Thunderstrike hack to infect Apple’s Mac PCs with with EFI Bootkit through the Thunderbolt port. Infect Apple Mac PCs exploiting the Thunderbolt port is possible, the security researcher Trammell Hudson has demonstrated how it is possible during  the last edition of the
Publish At:2015-01-05 22:40 | Read:1933 | Comments:0 | Tags:Hacking Apple bootkit Chaos Computer Congress OS X Thunderst

Thunderstrike — Infecting Apple MacBooks with EFI Bootkit via Thunderbolt Ports

A security researcher has discovered an easy way to infect Apple’s Macintosh computers with an unusual kind of malware using its own Thunderbolt port. The hack was presented by programming expert Trammell Hudson at the annual Chaos Computer Congress (30C3) in Hamburg Germany. He demonstrated that it is possible to rewrite the firmware of an Intel Thund
Publish At:2015-01-05 08:50 | Read:2247 | Comments:0 | Tags:Apple mac malware bootkit EFI Bootkit hacking news Macbook M

Hacking 4G USB modems and SIM Card via SMS

A group of experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected system. A team of researchers at Positive Technologies conducted a study on how to compromise USB modems and attack SIM cards via SMS over 4G networks at the PacSec and Chaos Computer Club confe
Publish At:2014-12-31 14:20 | Read:1980 | Comments:0 | Tags:Hacking 4G USB modems ATM bootkit mobile SCADA SIM card SMS

Analysis of FinFisher Bootkit

We recently investigated the FinFisher bootkit malware published by WikiLeaks. Most components of the Windows version of FinFisher are basic, so let’s skip directly to the kernel mode driver and the Bootstrap code. The kernel mode driver directly reads and writes raw data from/onto a hard drive. The approximation of the technique used by the driver can
Publish At:2014-10-20 19:05 | Read:1905 | Comments:0 | Tags:IBM X-Force Analysis Bootkit Bootstrap FinFisher Malware Wik

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud