Security Alerts & News
by Tymoteusz A. Góral

#2136 New WikiLeaks dump: The CIA built Thunderbolt exploit, implants to target Macs
WikiLeaks today dumped a smaller subset of documents from its "Vault 7" collection of files from a CIA software developer server. Yet again, these documents are more important from the perspective of WikiLeaks having them than for showing any revelatory content. The exploits detailed in these new files are for vulnerabilities that have largely been independently discovered and patched in the past. The files also reveal that the CIA likely built one of these tools after seeing a presentation on the exploits of Apple's EFI boot firmware at Black Hat in 2012.

The latest batch of files, dramatically named "DarkMatter" (after one of the tools described in the dump), consists of user manuals and other documentation for exploits targeting Apple MacBooks—including malware that leveraged a vulnerability in Apple's Thunderbolt interface uncovered by a researcher two years ago. Named "Sonic Screwdriver" after the ever-useful tool carried by the fictional Doctor of Doctor Who, the malware was stored on an ordinary Thunderbolt Ethernet adapter. It exploited the Thunderbolt interface to allow anyone with physical access to a MacBook to bypass password protection on firmware and install one of a series of Apple-specific CIA "implants."
#2149 Soundwaves used to produce fake data from accelerometers
#2148 A new trend in Android adware: abusing Android plugin frameworks
#2147 LastPass bugs allow malicious websites to steal passwords
#2146 Winnti abuses GitHub for C&C communications
#2145 Lithuanian con artist scams two US tech giants out of $100 million
#2144 Chinese crooks use fake cellular telephony towers to spread Android malware
#2143 Hackers: We will remotely wipe iPhones unless Apple pays ransom
#2142 DoubleAgent: 0day code injection and persistence technique
#2141 Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
#2140 New LLTP ransomware appears to be a rewritten venus locker
#2139 Swearing trojan continues to rage, even after authors’ arrest
#2138 Bitcoin scams: Beware of crooks trying to steal your cryptocurrency with these schemes
#2137 Word document spreads macro malware targeting both Windows and macOS