New UEFI Rootkit

Kaspersky is reporting on a new UEFI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article:

The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. Because it’s the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. …

BSides Las Vegas, iMessage Exploit, 5G and Stingray Surveillance

This is your Shared Security Weekly Blaze for August 12th 2019 with your host, Tom Eston. In this week’s episode: My summary of last week’s BSides Las Vegas security conference, how a single text message to your iPhone could get you hacked,…

Another Bloomberg Story about Supply-Chain Hardware Attacks from China

Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I linked to other commentary and analysis here.) Again, I have no idea what’s true….

Skygofree: New Government Malware for Android

Kaspersky Labs is reporting on a new piece of sophisticated malware: We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active. The…

ShadowBrokers Releases NSA UNITEDRAKE Manual

The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines: Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information. UNITEDRAKE, described as a "fully extensible…