LightEater goes through BIOS, owns your PC

Because people don’t ever patch their BIOSes, it is extremely likely that the vast majority of systems in the wild are vulnerable to at least one known exploit. We made public the details of the new SMM “Incursion” vulnerabilities (CERT VU# 631788, reported Oct 29th), that can be found automatically from SMM dumps. We showed the “LightEater” SMM implant stealing GPG keys/passwords/decrypted messages from Tails on an MSI system. We also showed how an unskilled attacker can infect a BIOS with an off-the-shelf Dediprog programmer, by just pressing the start button.

Source: Research

Be paranoid: 10 terrifying extreme hacks

These extreme hacks rise above the unending morass of everyday, humdrum hacks because of what they target or because they employ previously unknown, unused, or advanced methods. They push the limit of what we security pros previously thought possible, opening our eyes to new threats and systemic vulnerabilities, all while earning the begrudging respect of those who fight malicious hackers.

This is a look at the handful of hacks that have truly raised eyebrows in the security community in the past few years. Here’s to hoping that the good guys find the most dangerous exploits before the bad guys can use them against us.

Source: Be paranoid: 10 terrifying extreme hacks | InfoWorld

How to crash any iPhone or iPad within WiFi range

Security researchers presenting at this week’s RSA Conference in San Francisco have uncovered a whole new compelling reason to switch off your phone.

Skycure’s Yair Amit and Adi Sharabani have demonstrated a startling vulnerability in iOS that can allow malicious hackers to crash any iOS device within range of a WiFi hotspot.

And it doesn’t even matter if targeted devices are trying to deliberately connect to the WiFi network or not. The researchers have dubbed their discovery “No iOS Zone”,

via How to crash any iPhone or iPad within WiFi range.

Hacker hijack ‘threat’: Your car’s security is Adobe Flash-grade BAD

as we’ve long suspected, the computers in today’s cars can be hijacked wirelessly by feeding specially crafted packets of data into their networks. There’s often no need for physical contact; no leaving of evidence lying around after getting your hands dirty.

This means, depending on the circumstances, the software running in your dashboard can be forced to unlock doors, or become infected with malware, and records on where you’ve been and how fast you were going may be obtained. The lack of encryption in various models means sniffed packets may be readable.

Key systems to start up engines, the electronics connecting up vital things like the steering wheel and brakes, and stuff on the CAN bus, tend to be isolated and secure, we’re told.

http://www.theregister.co.uk/2015/02/09/car_security_senator_report/

Large numbers of British Airways Executive Club accounts being Locked/Zeroed Out/in Audit (‘Ex-gratia’) due to data breach

Starting on 27 March 2015, a very large number of people have found that their Avios balance has been reset to zero. Their list of transactions shows an "Ex-Gratia" deduction of their entire previous balance. Other people are also reporting they are unable to access their accounts at all, with their BAEC number not being recognised.

BAEC call centre staff do not seem to have received a thorough briefing and are giving at times contradictory information. However, an email has gone out to some, not all, BAEC members affected by this issue, with the subject "Executive Club Password Change", details here in post 181. At present there is no definitive information about the exact cause, but it’s clear that BA believes there has been a serious security breach (or that there was a serious risk of such a breach).

via 27 Mar: Large numbers of BAEC accounts being Locked/Zeroed Out/in Audit ('Ex-gratia') – FlyerTalk Forums.

Hotel routers very insecure

ANTLabs InnGate devices are a popular Internet gateway for visitor-based networks. They’re commonly installed in hotels, convention centers and other places that provide temporary guests access to a WiFi connection. If you’ve ever used WiFi in a hotel, you’re familiar with these types of devices as they are typically tied to a specific room number for billing purposes.

[…]

CVE-2015-0932 gives an attacker full read and write access to the file system of an ANTLabs’ InnGate device. Remote access is obtained through an unauthenticated rsync daemon running on TCP 873. Once the attacker has connected to the rsync daemon, they are then able to read and write to the file system of the Linux based operating system without restriction.

[…]

An attacker exploiting the vulnerability in CVE-2015-0932 would have the access to launch DarkHotel-esque attacks against guests on the affected hotel’s WiFi. Targets could be infected with malware using any method from modifying files being downloaded by the victim or by directly launching attacks against the now accessible systems.

via Vulnerability: CVE-2015-0932.

Rowhammer allows root access to non-ECC DRAM3 memory machines (laptops)

"rowhammer", rapidly writes and rewrites memory to force capacitor errors in DRAM, which can be exploited to gain control of the system. By repeatedly recharging one line of RAM cells, bits in an adjacent line can be altered, thus corrupting the data stored.

This corruption can lead to the wrong instructions being executed, or control structures that govern how memory is assigned to programs being altered – the latter case can be used by a normal program to gain kernel-level privileges.

via Ouch! Google crocks capacitors and deviates DRAM to root Linux • The Register.

Lenovo ships laptops with man in the middle spyware on it

The Superfish software shipped with Lenovo laptops can intercept and redirect your secure browsing sessions (e.g. to your bank) so that third parties can hijack them.

You can test to see if your Lenovo product is infected; how to do so is included in the link below. It can also be removed; again, instructions are in the link.

Lenovo for years has been known as (one of) the best laptop makers out there. I use one and have recommended them to many of my friends. This brand is hugely popular with IT professionals. This changes everything. Any company that allows spyware to be shipped on their systems and then denies it goes onto my boycott list – just like Sony is. This is a real disaster.

So long, Lenovo, and no thanks for all the super-creepy Superfish • The Register.

Hackers steal 1 billion dollars over 2 years' time in greatest heist ever

By learning about the habits of co-workers in over 100 financial institutions, mainly in Russia, the hackers infected computers using spear phishing techniques. They upped the balance of accounts and transferred away the excess money. They also programmed PIN machines to spit out money at specified times.

Hackers stelen 1 miljard dollar bij 'grootste bankroof ooit' – UPDATE 2 – Webwereld.

BMW finally fixes 1/2 year old flaw that lets anyone open windows and doors

Luxury car manufacturer BMW has rolled out a patch for a security flaw that could have allowed hackers to open the doors of some 2.2 million vehicles.

The issue affects BMW, Mini and Rolls Royce models that come equipped with ConnectedDrive – a technology that allows car owners to access internet, navigation and other services via a SIM card installed directly into vehicles.

As Reuters explains, security researchers were able to create a fake cellphone base station to intercept network traffic from the car, and use th

http://grahamcluley.com/2015/02/bmw-security-patch/

Anthem, America’s second biggest health insurer, HACKED: Millions hit by breach • The Register

Anthem, the US’s second biggest health insurer with about 70 million people on its books across the country, admitted late on Wednesday, Pacific time, that it has been comprehensively ransacked by criminals. Tens of millions of records are likely to have been obtained illegally as a result of the hack, Anthem warned.

http://www.theregister.co.uk/2015/02/05/anthem_hacked/

Airgap attack from 6 metres by reading your CPU electromagnetic signals

All CPUs emit electromagnetic signals when they are performing tasks, and the first thing these researchers discovered was that binary ones and zeroes emit different levels. The second thing they discovered is that electromagnetic radiation is also emitted by the voltage fluctuations and that it can be read from up to six meters away. These signals, by the way, are known as side-channels, and they are well-documented in the cryptography field.

via An Airgap Won't Secure Your Computer Anymore | Hacked.

KeySweeper – a DIY USB wall charger that logs keystrokes from MS wireless keyboards

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back all keystrokes from any Microsoft wireless keyboards (which use a proprietary 2.4GHz RF protocol) in the area.

Keystrokes are sent back to the KeySweeper operator over the Internet via an optional GSM chip, or can be stored on a flash chip and delivered wirelessly when a secondary KeySweeper device comes within wireless range of the target KeySweeper. A web based tool allows live keystroke monitoring.

via KeySweeper.

Staples: Breach may have affected 1.16 million customers’ cards

Staples believes that point-of-sale systems at 115 Staples locations were infected with malware that thieves may have used to steal customers’ names, payment card numbers, expiration dates and card verification codes, Staples said on Friday. At all but two of those stores, the malware would have had access to customer data for purchases made between August 10 and September 16 of this year. At the remaining two stores, the malware was active from July 20 through September 16.

via Staples: Breach may have affected 1.16 million customers' cards – Fortune.

Sony Data Breach gets worse and worse

The data dump, which was reviewed extensively by BuzzFeed News, includes employee criminal background checks, salary negotiations, and doctors’ letters explaining the medical rationale for leaves of absence. There are spreadsheets containing the salaries of 6,800 global employees, along with Social Security numbers for 3,500 U.S. staff. And there is extensive documentation of the company’s operations, ranging from the script for an unreleased pilot written by Breaking Bad creator Vince Gilligan to the results of sales meetings with local TV executives.

The documents made public this weekend, covering the company’s human resources, sales, and marketing teams, among others, are just a fraction of approximately 100TB of data the hackers claim to have taken from Sony. They say it will all be made freely available online, once they figure out how to distribute such an enormous amount of information.

via A Look Through The Sony Pictures Data Hack: This Is As Bad As It Gets – BuzzFeed News.

The Newest Sony Data Breach Exposes Thousands Of Passwords

Excel and Word documents plainly expose thousands of computer log-in, financial, and web services passwords, including the Facebook, Twitter, YouTube, and MySpace passwords for hundreds of major motion picture accounts.

via It Gets Worse: The Newest Sony Data Breach Exposes Thousands Of Passwords – BuzzFeed News.

Oh dear, Sony is really hammering themselves on this one

Hackers own 80% of all South Korean ID data

The South Korean government is considering a complete overhaul of its national identity number computer system – after hackers comprehensively ransacked it and now hold the ID codes for as much as 80 per cent of the population.

Each South Korean citizen is issued with a lifetime unique ID number. This number is used in all transactions, and the system has been in place since the late 1960s.

A public hearing into the database raid heard that hackers have now stolen the vast majority of these numbers, sparking an online crimewave that has hit everyone, from the highest to the lowest.

South Korea faces $1bn bill after hackers raid national ID database • The Register.