Enlarge / Dmitry Dokuchaev, Igor Sushchin, Alexsey Belan, and Karim Baratov—the four indicted by the US in the Yahoo hacking case. SAN FRANCISCO—The indictment unsealed Wednesday by US authorities against two agents of the Russian Federal Security Service, or FSB, (Dmitry Dokuchaev and Igor Sushchin) and two hackers (Alexsey Belan and Karim Baratov) provides some details of how Yahoo was pillaged of user data and its own technology over a period of over two years. But at a follow-up briefing at the FBI office here today, officials gave fresh insight into how they think the hack began—with a “spear phishing” e-mail to a Yahoo employee early in 2014. Malcolm Palmore, the FBI special agent in charge of the bureau’s Silicon Valley office, told Ars in an interview that the initial breach that led to the exposure of half a million Yahoo accounts likely started with the targeting of a “semi-privileged” Yahoo employee and not top executives. He said social engineering or spear phishing “was the likely avenue of infiltration” used to gain the credentials of an “unsuspecting employee” at Yahoo. Palmore declined Ars’ request to elaborate during a brief interview inside the San Francisco FBI office, and he would not say whether the government or Yahoo discovered the breach. He also would not say how long the intrusion lasted before it was cut off. Read 11 remaining paragraphs | Comments
Visit link:
How did Yahoo get breached? Employee got spear phished, FBI suggests
After WikiLeaks revealed data exposing information about the CIA’s arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer’s low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple’s Macbooks. The documents from CIA’s Embedded Development Branch (EDB) mention an OS X “implant” called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a “Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant.” The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system’s hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system’s current EFI or against an EFI image previously extracted from a system. Read more of this story at Slashdot. 
Lucas123 writes: Toshiba has begun shipping samples of its third-generation 3D NAND memory product, a chip with 64 stacked flash cells that it said will enable a 1TB chip shipping later this spring. The new flash memory product has 65% greater capacity than the previous generation technology, which used 48 layers of NAND flash cells. The chip will be used in data centers and consumer SSD products. The technology announcement comes even as suitors are eyeing buying a majority share of the company’s memory business. Along with a previous report about Western Digital, Foxxcon, SK Hynix and Micron Technology have now also thrown their hats in the ring to purchase a majority share in Toshiba’s memory spin-off, according to a new report in the Nikkei’s Asian Review. Read more of this story at Slashdot.