A Chinese-speaking hacking group has been observed using a UEFI bootkit to download and install additional malware on targeted computers.
UEFI firmware it is a crucial component for every computer. This crucial firmware inside a flash memory bolted to the motherboard and controls all the computer’s hardware components and helps boot the actual user-facing OS (such as Windows, Linux, macOS, etc.).
Attacks on UEFI firmware are the Holy Grail of every hacker group, as planting malicious code here allows it to survive OS reinstalls.
Nonetheless, despite these benefits, UEFI firmware attacks are rare because tampering with this component is particularly hard as attackers either need physical access to the device or they need to compromise targets via complex supply chain attacks where the UEFI firmware or tools that work with UEFI firmware are modified to insert malicious code.
Social networking giant Twitter said today that it removed around 130 Iranian Twitter accounts for attempting to disrupt the public conversation during last night’s first Presidential Debate for the US 2020 Presidential Election.
Twitter said it learned of the accounts following a tip from the US Federal Bureau of Investigations.
We identified these accounts quickly, removed them from Twitter, and shared full details with our peers, as standard, the social network said today.
They [the accounts] had very low engagement and did not make an impact on the public conversation, it added.
A hacker group previously associated with the North Korean regime has been spotted launching spear-phishing attacks to compromise officials part of the United Nations Security Council.
The attacks, disclosed in a UN report last month, have taken place this year and have targeted at least 28 UN officials, including at least 11 individuals representing six countries of the UN Security Council.
UN officials said they learned of the attacks after being alerted by an unnamed UN member state (country).
Pastebin, the most popular website where users can share small snippets of text, has added two new features today that cyber-security researchers believe are going to be widely and wildly abused by malware operators.
Named “Burn After Read” and “Password Protected Pastes,” the two new features allow Pastebin users to create pastes (pieces of text) that expire after a single read or pastes that are protected by a password.
None of the two features are original, as they have been present on many paste sites for years.
However, they are new to Pastebin, which is, by far, today’s most popular pastes portal, being ranked in the Alexa Top 2,000 most popular sites on the internet.
Twitter said today it’s been working over the past months to bolster its internal security by requiring staff to go through additional security training, engaging in penetration tests, and by deploying hardware security keys to all employees.
The measures announced today are part of Twitter efforts to prevent a repeat of the July 2020 hack during the US presidential election later this fall.
In July this year, hackers phished Twitter staffers, gained access to its internal platform, and then tweeted a cryptocurrency scam via high-profile and verified accounts. Some of the defaced accounts belonged to political figures, including presidential candidate Joe Biden.
Twitter learned a hard lesson in July, but in a blog post today authored by Parag Agrawal, Twitter Chief Technical Officer, and Damien Kieran, Twitter Data Protection Officer, the company said it learned its lesson and has taken corrective actions.
The FBI and NSA have published today a joint security alert containing details about a new strain of Linux malware that the two agencies say was developed and deployed in real-world attacks by Russia’s military hackers.
The two agencies say Russian hackers used the malware, named Drovorub, was to plant backdoors inside hacked networks.
Based on the evidence the two agencies have collected, FBI and NSA officials claim the malware is the work of APT28 (Fancy Bear, Sednit), a codename given to the hackers operating out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main SpecialService Center (GTsSS).
Through their joint alert, the two agencies hope to raise awareness in the US private and public sectors so IT administrators can quickly deploy detection rules and prevention measures.
The owner of controversial video-sharing app TikTok has a September 15 deadline to either sell to a US company or see the service banned from the US market, following President Donald Trump’s executive order that labelled the platform as a national emergency.
Microsoft threw its hat in the ring prior to the official announcement from the president, saying it wanted to scoop up TikTok and add world-class security, privacy, and digital safety protections to the app if it did.
It soon reportedly joined forces with Walmart to co-bid for the Chinese company’s US, Canadian, Australian, and New Zealand operations.
Microsoft officials had characterised the discussions as preliminary, noting it was not intending to provide any further updates on the discussions until there was a definitive outcome.
But in approaching the deadline, ByteDance said it would not include TikTok’s algorithm as part of the sale, according to a South China Morning Post report. The Chinese company has also told Microsoft it would not be its new owner.