Like a super strain of bacteria, the rootkit plaguing Dragos Ruiu is omnipotent.

Three years ago, security consultant Dragos Ruiu was in his lab when he noticed something highly unusual: his MacBook Air, on which he had just installed a fresh copy of OS X, spontaneously updated the firmware that helps it boot. Stranger still, when Ruiu then tried to boot the machine off a CD ROM, it refused. He also found that the machine could delete data and undo configuration changes with no prompting. He didn’t know it then, but that odd firmware update would become a high-stakes malware mystery that would consume most of his waking hours.

linked from:
 http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

it was just a matter of time before microcode injections into the controller on various sub systems of a computer would be targeted.
This is a very troubling discovery for many people. 

The post Ultrasonic more then bugs talking…….or “bab bios” or should it be sound gaps not air gaps appeared first on Security Wandering.

“ChapCrack and CloudCracker reveal sensitive corporate communications — including passwords — protected by the popular PPTP encryption protocol, which is based on an algorithm from Microsoft, a researcher says at Defcon.“

The post Tools boast easy cracking of Microsoft crypto for businesses appeared first on Security Wandering.

“

CNET News

HomeReviews News Download CNET TV How To Marketplace Log In | Join

CNET News Security & Privacy Flame malware: So big, so overlooked The most ‘complex malware ever found’ — Flame — has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it?

by Michael Lee May 29, 2012 4:53 AM PDT 8 CommentsFacebook24Twitter71Linked In19More

The most ‘complex malware ever found’ — Flame — has taken the information security world by surprise. Given that it is said to have been around for years, how did everyone miss it? Several security research firms, including Symantec, Kaspersky, and McAfee, have been hard at work analyzing a specific piece of malware in the past few days after the Iranian Computer Emergency Response Team posted an alert about malicious code designed to steal and exfiltrate information from infected computers back to a network of at least 10 command and control servers. However, as Budape”

The post Flame malware: So big, so overlooked | Security & Privacy – CNET News appeared first on Security Wandering.

“

CNET News

HomeReviews News Download CNET TV How To Marketplace Log In | Join

Breaking news Oracle v. Google jury returns partial verdict, favoring OracleShare: CNET News Security & Privacy New malware strain locks up computers unless ransom is paid A type of ‘ransomware’ hitting users across Europe demands payment for alleged copyright violations, according to a Swiss security blog.

by Lance Whitney May 7, 2012 8:50 AM PDT 20 CommentsFacebook54Twitter71Linked In23More (Credit: abuse.ch) A campaign of ‘ransomware’ is locking people out of their computers unless they pony up the right amount of money. Spotted by security blog abuse.ch, the malware taps into an exploit kit known as ‘Blackhole.’ Sold underground, Blackhole is used by criminals to infect computers through security holes in the browser or third-party plug-ins, such as Java and Adobe Reader. If the version of Java, for example, is not up to date with the latest patches, the downloaded file will exploit the software'”

The post New malware strain locks up computers unless ransom is paid | Security & Privacy – CNET News appeared first on Security Wandering.

<<< Wednesday, May 2, 2012 >>>   Oxford Muses on Mac Flashback: Worst Outbreak Since Blaster Posted by Sean @ 14:25 GMT | Comments So how bad was last month’s Mac Flashback outbreak and who suffered the most? Our guess: it was bad, and university IT help desks. And it looks like our guess might not be far off the mark.

Oxford University Computing Services’ network security team (aka OxCERT) has written that they dealt ‘with what is probably the biggest outbreak since Blaster struck the Windows world all the way back in the summer of 2003.’

OxCERT dealt with around 1000 incidents for Blaster. They’ve seen several hundred Flashback incidents… ‘and they keep on coming.’

Other institutions, such as The University o”

The post Oxford Muses on Mac Flashback: Worst Outbreak Since Blaster – F-Secure Weblog : News from the Lab appeared first on Security Wandering.

“Skip the navigation

Computerworld White Papers Webcasts Newsletters Solution Centers Events Magazine Twitter Facebook RSS

Topics News In Depth Reviews Blogs Opinion Shark Tank IT Jobs More IT Verticals Security App Security|Business Continuity|Cybercrime and Hacking|DRM and Legal Issues|Data Security|Malware and Vulnerabilities|Privacy|Security Hardware and Software

74  

3   1 Submit 6 Email

Home > Security > Malware and Vulnerabilities News Microsoft detects new malware targeting Apple computers Apple users should be sure their Mac version of Office has up-to-date patches

By Jeremy Kirk May 2, 2012 12:18 AM ET2 Comments . What’s this? IDG News Service – Microsoft has detected a new piece of malware targeting Apple OS X computers that exploits a vulnerability in the Office productivity suite patched nearly three years ago.

The malware is not widespread, wrote Jeong Wook Oh of Microsoft’s Malware Protection Center. But it does show that hackers pay attention if it’s found pe”

The post Microsoft detects new malware targeting Apple computers – Computerworld appeared first on Security Wandering.

” <<< Sunday, August 28, 2011 >>>   Windows Remote Desktop worm “Morto” spreading Posted by Mikko @ 13:23 GMT | Comments We don’t see that many internet worms these days. It’s mostly just bots and trojans. But we just found a new internet worm, and it’s spreading in the wild.

 

The worm is called Morto and it infects Windows workstations and servers. It uses a new spreading vector that we haven’t seen before: RDP.

RDP stands for Remote Desktop Protocol. Windows has built-in support for this protocol via Windows Remote Desktop Connection. Once you enable a computer for remote use, you can use any other computer to access it.

When you connect to another computer with this tool, you can remotely use the computer, just like you’d use a local computer.

Once a machine gets infected, the Morto worm starts scanning the local network for machines that have Remote Desktop Connection enabled. This creates a lot of traffic for port 3389/TCP, which is the RDP port.

When Morto finds a Remote Desktop server, it tries logging in as Administrator and tries a series of passwords:

admin  password  server  test  user  pass  letmein  1234qwer  1q2w3e  1qaz2wsx  aaa  abc123  abcd1234″

The post Windows Remote Desktop worm “Morto” spreading – F-Secure Weblog : News from the Lab appeared first on Security Wandering.

Over on the post “Enterprise Security Today | Pentagon Discloses Largest-Ever Cybertheft” contains this text:

” Pentagon Discloses Largest-Ever Cybertheft By Robert Burns and Lolita C. Baldor July 18, 2011 7:50AM

The Defense Department has revealed that 24,000 files containing Pentagon data were stolen from a defense industry computer network in a single intrusion in March. The Pentagon believes the attacker was a foreign government. This is part of the reason for the new cyber-defense strategy unveiled, which is oriented toward defensive measures.   Related Topics Pentagon Defense Department Cyberattack Cybersecurity Cyberwar Hackers Latest News LulzSec Takes Out Murdoch Servers Largest-Ever Cybertheft Disclosed Pentagon To Publish Cyberwar Rules Israeli App Merges Facebook, Google+ Microsoft Bluetooth Vulnerability Seen

 

The Pentagon on Thursday revealed that in the spring it suffered one of its largest losses ever of sensitive data in a cyberattack by a foreign government. It is a dramatic example of why the military is pursuing a new strategy emphasizing deeper defenses of its computer networks, collaboration with private industry and new steps to stop “malicious insiders.” William Lynn, the deputy secretary of defense, said in a speech outlining the strategy that 24,000 files containing Pentagon data were stolen from a defense industry computer network in a single intrusion in March. He offered no details about what was taken but in an interview before the speech he said the Pentagon believes the attacker was a foreign government. He didn’t say which nation.

“We have a pretty good idea” who did it, Lynn said in the interview. He would not elaborate.”

The post Enterprise Security Today | Pentagon Discloses Largest-Ever Cybertheft appeared first on Security Wandering.

Over on the post “Botnet Called ‘Practically Indestructible’ – Computerworld” contains this text:

“Massive botnet ‘indestructible,’ say researchers By Gregg Keizer July 18, 2011 06:00 AM ET1 Comment Computerworld – A new and improved botnet that has infected 4.5 million Windows PCs is “practically indestructible,” security researchers say.

TDL-4, the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” reported Kaspersky Labs researcher Sergey Golovanov late last month.

 

“[TDL-4] is practically indestructible,” Golovanov said.”

The post Botnet Called ‘Practically Indestructible’ – Computerworld appeared first on Security Wandering.

“Security Experts Warn of Microsoft Bluetooth Vulnerability By Jennifer LeClaire July 13, 2011 1:07PM

There’s danger on the wireless front, in the form of a Bluetooth stack vulnerability. Amid an otherwise mild Patch Tuesday for Microsoft, security researchers said the Bluetooth problem could be used to launch a targeted attack by sending specific malicious data to the targeted computer while establishing a Bluetooth connection.   Related Topics Microsoft Patch Tuesday Bluetooth Symantec Wireless Security Latest News Pentagon To Publish Cyberwar Rules Israeli App Merges Facebook, Google+ Microsoft Bluetooth Vulnerability Seen Rupert Murdoch Drops Bid for BSkyB Julian Assange Fighting Extradition

 

After a heavy June release, Microsoft on Tuesday issued a mere four security bulletins to address 22 vulnerabilities. Only one is rated critical. Still, security researchers agree there is an element of danger present on the wireless front. “An attacker could use the Bluetooth stack vulnerability to launch a targeted attack,” said Joshua Talbot, security intelligence manager at Symantec Security Response. “However, it’s unlikely it could be used in a widespread attack because an attacker would have to be within Bluetooth range to exploit it. A specific target would likely already have to be identified and that person’s whereabouts known to the attacker.””

The post Enterprise Security Today | Security Experts Warn of Microsoft Bluetooth Vulnerability appeared first on Security Wandering.