You are reading the article Security Researcher Says New Malware Can Affect Your Bios; Communicate Over The Air updated in December 2023 on the website Tai-facebook.edu.vn. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested January 2024 Security Researcher Says New Malware Can Affect Your Bios; Communicate Over The Air
Rip out your computer’s microphone and webcam, turn off your Bluetooth, and put on your tinfoil hats, it’s “super amazing crazy security storytime.”
A noted security researcher says he has found a new type of malware that can affect some of the lowest levels of your machine.
Ruiu recently told Ars Technica that he’s been tracking down badBIOS for the past three years. Since badBIOS is reportedly a crafty piece of code, all he has right now is a working theory about how the malware works.
The thing is…The one nagging detail about badBIOS is that Ruiu is the only person making these claims, and he has yet to produce enough evidence for other security researchers to independently examine.
But Ruiu, who organizes the CanSecWest and PacWest security conferences , is respected enough that many fellow researchers are hesitant to outright discredit his claims as pure fantasy. Still, without independent verification of Ruiu’s claims, it’s impossible to know for sure whether badBIOS is the real deal or not.
badBIOSIf you want a more detailed explanation of badBIOS, check out the Ars Technica article linked to above, but here are the basics.
As its name suggests, badBIOS infects your machine’s BIOS—the small bit of firmware that prepares your machine before booting the operating system. If you’ve ever pressed a key like F2 shortly after your computer boots and then gone to a screen that looks like it was built on a Commodore Vic 20, that’s the BIOS.
Once a machine is infected, badBIOS gets to work inserting malicious code inside the operating system itself.
Malware that starts by attacking the BIOSisn’t unheard of, but most bits of bad code typically attack weaknesses in standard targets that live inside the operating system, such as Adobe Reader or a Java browser plugin.
BIOS malware could be more effective since it’s harder to track down, and fixing it is beyond the capabilities of the majority of PC users.
But what really sets badBIOS apart is that it is supposedly capable of resisting erasure if someone reinstalls (known as flashing) the BIOS firmware. BadBIOS is also platform-independent, which means it can infect and work across a wide array of PC operating systems that include Windows, OS X, Linux, and BSD, according to Ruiu.
BadBIOS infects a machine through infected USB drives, according to Ruiu’s current theory. Once it’s on a machine, the malware can then communicate with other infected devices over high-frequency signals.
Reality of the badBIOSThe verified existence of badBIOS would also throw into serious doubt the viability of air-gap security, where sensitive files are read or created on PCs that never connect to the Internet. Security expert Bruce Schneier who recently assisted the Guardian in looking at documents from NSA leaker Edward Snowden used an air-gap computer for that work.
Interestingly, high-frequency signals could be just one way for machines to communicate through non-standard networking channels. Anyone interested in some background information, should check out a blog post by Errata Security’s Robert David Graham.
“There are other ways to do air-gapped communications using covert channels,” Graham says in the post. “You might exploit blinking LEDs…monitor the voltage on the power supply…The average laptop computer has a godawful number of inputs/outputs that we don’t quite realize.”
The malware-filled future that badBIOS portends may sound scary, but it’s too early to press panic buttons just yet. We can also take heart in the fact that knowing about a piece of malware and how it works is half the battle to defeating it.
And for anyone that loves to admire all things tech, malware or not, you have to admit that badBIOS (if it’s real) would be a pretty impressive hack.
Updated 11/1/2013 at 5:15 p.m. PDT—This story was updated to reflect that the current theory says badBIOS malware communicates over high-frequency signals, but infections happen only via USB sticks.
You're reading Security Researcher Says New Malware Can Affect Your Bios; Communicate Over The Air
Can Futurism Affect Digital #Marketing? #Sejsummit Speaker Dana Todd Says Yes
Our SEJ Summit Chicago event was held on April 15th, and we were happy to have Dana Todd, of Dana Todd Consulting, presenting. She spoke about “The Future of Today” when it comes to combining your digital strategy and futurist technology.
Our next event, SEJ Summit London, is now less than four weeks away! We still have a few FREE tickets available for our London marketing conference, courtesy of our partner, Searchmetrics. Request an invite today here.
#PROTIP: Because our content is enterprise-focused, if you are a consultant but work with big, enterprise brands, mention them in your job title/company when requesting an invite.
Without further adieu, here’s my interview with Dana.
1. One of the things I like best about our industry is that it is always changing. What is the one thing all brands should do to prepare for changes in digital marketing, even when we don’t know what those changes will be?My presentation at the Summit was about precisely this topic. The three biggest changes coming down the pipe are connected autos, wearables, and “Internet of things” – all of which are somewhat related but differ in terms of how marketers should respond. However, there are some foundational elements that I see marketers ignoring year after year and it’s finally going to catch up to them.
For one thing, I still see brands that under-invest in SEO as an ongoing priority. They don’t seem to realize the fundamentals of SEO are also the fundamentals of having all your content set up in a way that is easily consumed not just by Google but also by GPS systems (location-based apps and car GPS) and non-text search (connected cars can be navigated by voice, smart devices make sense of surroundings).
2. Like you, I also have a background in journalism, how do you find that informs your work as a marketer?Being a journalist means you’re curious, and also that you dig into the facts until you have a pretty good sense of what’s going on. Being a data-driven marketer is the same, really. I also think journalistic training is great for being able to keep yourself at a high level of strategic thinking, with capacity to deep-dive on things to get up to speed quickly. It’s enabled me to stay current with digital changes since 1996!
3. Your SEJ Summit speech focused on the future, so speaking of journalism, I am curious: What is the top marketing trend you expect to emerge in the next 12 months?As I mentioned earlier, there are three big ones: wearables, connected autos, and IOT. The two that are closest in terms of timing and opportunity are wearables and autos, but both aren’t necessarily the best match for all brands.
If you’re a brick and mortar business, the connected auto is truly going to be huge, but even national brands and CPG brand can participate here in a meaningful way. I think wearables aren’t going to be as big for all brands, or all people.
More Americans will be buying connected cars, as the pent-up demand for auto purchases during the recession starts to hit at the same time. It’s not an “if”-it’s a “when”.
4. You have been in the online marketing field for many years. What changes in our industry excited (or surprised, intrigued) you the most?To be honest, it got a bit stagnant in the past decade as the economy impacted our ability to innovate and commercialize inventions. It was only in the past year that I’ve gotten excited again, about the tiny little connective tissues forming in IOT and connected autos. I think we’re opening up a whole new box of toys!
5. What is one of the biggest mistakes you see struggling businesses make?Focus, keep steady in your messaging and work in just a few main channels (and don’t pick the easy or shiny channels, pick the ones that are actually where your audience is). And, don’t discount non-digital marketing. We’re all still human, and we’re all still influenced by mass and direct marketing.
Thanks for the insight into how futurism can influence our marketing, Dana!Don’t forget, you can request your free ticket for our London event, happening on May 12th at The Ham Yard. You can also come see us in Silicon Valley, NYC, and Atlanta later this year.
Featured Image: Sergey Nivens via Shutterstock
Security Debt Can Hinder Your Business Growth
According to Industry figures, Three out of four startups fail. 70% of these failures occur when the company is just two to five years old. While startups face many obstacles on the path to survival, 20% of them fail. Because of fierce competition. This environment can be particularly harsh for SaaS-based businesses. Although the product-market fit is crucial to success, there are many startups that failed to succeed despite having superior products. Building a strong security position early in your business can help you project more business maturity and be able to compete against other companies.
Security MattersSecurity can be a problem, with the negative impact on businesses and the cost of fixing it. However, it is possible to increase growth by ensuring security. Many companies are seeking to sell into large enterprises and highly regulated sectors like financial services and healthcare. It can be hard to get into these large organizations and brands because they don’t want to take risks with patient or customer data. It can be difficult to get a foothold in these big brands and organizations because they aren’t interested in taking risks with their customer or patient data. A recent survey shows that 10% of US companies are currently working to comply with more than 50 privacy laws and another 26% are working to address between six and 49. This is a requirement for buyers. They need to be confident that the organization with which they do business can manage this level of responsibility.
Optimizing for growth and feature creation are often priorities in fast-growing companies. As with technical debt, the decisions you make today will impact your ability to meet your prospects’ security expectations quickly. If you don’t pay attention to security while you are negotiating deals, your company’s “security debt” will grow. Unintelligible, often ad-hoc privacy policies and application agreements can leave you with terms that are unclear (and sometimes conflicting!) It is filled with security or legal jargon. This makes it extremely difficult to manage, and even more difficult for everyone to follow internally. It puts all your deals at risk. Your competitors, on the other hand, take security seriously and go through the procurement process with no problems, growing their businesses at each turn.
Also read:
Top 10 Trending Technologies You should know about it for Future Days
Three Steps to Check Security DebtStartups must operationalize data security to avoid security debt that can impede growth. This is done by embedding privacy and security into the core functions of the company. These are the three things you need to keep in mind when making this a reality.
1. Transform Security Requirements into Everyday Processes2. Designate Privacy and Security Ambassadors
Large companies often have the luxury to employ multiple departments (legal security privacy and compliance) in order to ensure that security and privacy regulations and rules are being followed. Leaner businesses may not have the same opportunities. Organizations that plan to grow should have at least one person responsible for security compliance. This individual will be responsible for looking at the technology architecture from a privacy and security perspective. This allows you to identify potential issues and understand the trade-offs being made for development speed. It also helps you avoid security debt.
3. Reduce Risk by Mapping Your Data AssetsGrowing Securely
Gtmhub is one example of an organization that uses security compliance to drive growth. It provides a platform that allows the largest brands to adopt, measure, and reach their goals. The platform allows companies to align their individual, departmental and corporate goals with their overall business strategy and goals. This can make the information within it highly sensitive.
Prospects need to be reassured about Gtmhub security procedures before they decide to sign a deal. The company was able to recognize this and launch a security initiative that will demonstrate and achieve both SOC 2 compliance and ISO 27001 compliance. This has simplified this important element of vendor management. Instead of conducting a thorough security audit on every customer, Gtmhub simply presents them with an already prepared attestation from an external third party to verify compliance. Gtmhub is able to showcase security controls and close deals quicker.
Security debt is a common problem. Everyone who has worked in startups knows that things do not always go as planned. However, organizations can take into consideration the long-term consequences of secured debt and create a plan to rectify them. From the beginning, look for opportunities to make your data protection and privacy processes more accessible and simpler. As your company grows, you will have a solid foundation.
Canary Review: Security Camera & Air Quality Monitor
Our Verdict
The Canary does a few things that you don’t get with other security cameras, such as the air quality monitoring and the siren. 24 hours of free cloud storage is nice, but Canary now charges for features which used to be free, including the ability to download video via the phone app and view entire clips. The new subscription model means the Canary is no longer good value, and we can’t recommend it.
Best Prices Today: CanaryRetailer
Price
$109.00
View Deal
There has never been a bigger choice of home security cameras and the majority can be set up in less than 15 minutes. The Canary is no exception: a plug-and-play unit that took me less than 10 minutes to install. Once connected to Wi-Fi, it offers a 147-degree view of your room in 1080p full HD as well as an overview of your home’s ‘health’ including air quality, temperature and humidity. Is it the right camera for your home? Read on to find out.
Why is Canary charging for some features now?
Since we originally reviewed the Canary, the company has taken the decision to remove a number of services (which were included previously) in favour of asking owners to pay for these through Canary Membership. Current memberships are priced at £79 per year or £7.99 (£95.88 annually).
The most significant changes are:
Customers who do not pay the new membership fee will only see 10-second clips of footage, rather than the full video that’s exclusive to members. This isn’t particularly helpful for situations where you may have an intruder in your home for a sustained period of time. This footage will only be available for 24 hours rather than full length recordings that are available to members for 30 days.
You can no longer download footage to your phone. This is a particular blow, as it means you can’t save evidence unless you subscribe.
Customers who don’t subscribe will not be able to set night mode, which allows you to deactivate notifications whilst you are sleeping. You now are now forced to either disable the camera in home mode or to have notifications sent to your device whilst you sleep.
Canary Members will also benefit from two-way Canary talk which allows you to use your smartphone to talk through your camera and web browser streaming that provides access to live footage from your desktop as well as 30 days recorded footage.
As a result of these changes, we have amended the original 4-star rating to 2.5 stars. The device itself is very good, but Canary’s new focus on membership packages has removed a number of key features for existing owners and has significantly impacted the value of the device for new owners who are unwilling to pay the membership fee.
What follows is our original review:
So what could you use the canary for? Well its most obvious use is to monitor what’s going on at home from a security point of view, but I was also interested in keeping an eye on my dogs Axl and Izzy while my wife and I were away from home. The Canary was perfect for both, as it has a microphone that registers unusual sounds such as glass breaking or a dog barking and motion detectors that monitor movement in the close vicinity, both of which trigger the camera to start recording.
All recordings are saved to the Canary’s cloud storage and the most basic package is free and stores footage of events captured in the last 12 hours (now 24 hours). There is of course a range of packages providing additional cloud storage for events up to 30 days ago if you’re willing to pay.
The Canary is controlled using its dedicated iOS and Android app and I have to say I could not have been more impressed with how easy this was to use. The app allows you to view recorded footage, all nicely presented in a chronological timeline. Naturally, you can also watch a live stream at the touch of a button on the app’s home screen.
The Canary is available to buy for £159 directly from the manufacturer at store-uk.canary.is or from UK retailers including John Lewis, Amazon, Apple, Maplin and PC World.
This is the same price as the Nest Cam, but a little more than the Y-Cam HomeMonitor HD, which you can buy from Amazon for less than £140.
Canary Review: DesignThe Canary is a standalone device and is available in a choice of three colours: white, black and silver. Also included is a microUSB power adaptor and an unusual secure setup cable that plugged directly into my iPhone’s headphone socket during installation.
Connecting the camera to broadband can be done using either Wi-Fi or via an Ethernet cable to your router, if it’s close by or you use powerline adaptors.
The camera measures 152 x 76.2mm weighs just 396g. Build quality is excellent and it has a contemporary design that means it looks like a modern home accessory that can be colour-coordinated with your home. There’s no hint of traditional CCTV or surveillance camera.
Image quality is very clear with full 1080p high definition footage and automatic night vision. Plus the 147 degree wide-angle lens meant I could monitor activity within a large open-plan kitchen and living room using a single device.
Audio quality is equally as good from the built-in microphone, which is also used to begin recording as soon as an unusual sound is heard.
The device also begins recording as soon a movement is recorded using the camera and and 3-axis accelerometer. Annoyingly, there’s no option to specify an area within the field of view to monitor for movement. Movement which occurs anywhere will trigger an alert. There is a sensitivity slider which you can ajust to receive fewer alerts, and the algorithms learn (with your feedback) when movement is due to a pet, moving light or shadows, and will – over time – stop notifiying you of these events.
The Canary is also fitted with a loud siren which you can sound using the iOS or Anroid app. This is intended for warning or deter an intruder of course, not for playing pranks on your family. There’s no speaker for two-way communication as the Nest Cam – and some other cameras – have.
In addition to the home security features, the Canary it is also equipped with sensors which monitor air quality, humidity and temperature. Specifically, it can detect ISO Butane, Carbon Monoxide, hydrogen, ethanol and cigarette smoke.
Other devices that measure air quality include the Foobot.
By contrast, the Canary is unfriendly to most other smart home kit. There’s no IFTTT support, either, so you can’t get around the lack of official third-party support. The only integration is with
Canary Review: SoftwareThe Canary app works with the iPhone 4s or newer and on Android devices with version 4.0 or newer.
With both the app and the hardware installed I had a host of options including setting the Canary to detect when I’m at home (using the location of my phone) and to automatically arming and disarming recording depending on my location and the privacy I required.
In armed mode, the Canary is constantly monitoring for motion and sounds and will alert me to either with a push notification.
When disarmed, the Canary still monitors and records activity but will not send a notification.
Privacy mode disables both the camera and microphone to ensure that footage is not recorded when you don’t want it to be. Privacy mode can be activated automatically whenever I or another registered user return home. There’s also the option to activate any of the settings manually through the app.
The camera is equipped with an LED which highlights which mode is selected through a green ambient light for armed, a yellow light for disarmed and the light is switched off when in privacy mode.
It is also possible to watch live footage in all modes other than privacy mode by simply pressing the ‘watch live’ button on the app’s home screen. You can zoom in (digitally) on all footage both live and recorded using a simple pinch gesture on the iPhone. Here’s the wide-angle view:
And this is the 2x digital zoom:
Accessing the app also feels particularly secure, as there’s the option of signing in using either a password, PIN or fingerprint recognition via the iPhone’s Touch ID.
It is also possible to manage multiple Canary cameras from the app, additional devices could either be placed elsewhere in the same home or in a separate location that you may want to monitor such as a business address, or elderly relative.
In addition to the smartphone app, you can also was also arm and disarm using the Canary app on an Apple Watch as well as receive notifications when any activity was recorded. I loved this feature as it allows me to have piece of mind that my home and pets are safe without the need to be constantly reaching for my phone.
Related articles for further reading Specs Canary: Specs
Camera:
1080p HD Camera 147° Wide-angle lens Automatic night vision Motion detection
Sensors:
3-axis accelerometer Ambient light Capacitive touch
HomeHealth Technology:
Temperature Humidity Air quality
Audio & Siren:
Microphone Built-in speaker 90+ dB siren
Connectivity:
2.4GHz Wi-Fi (802.11 b/g/n) Wired Ethernet
Size & Weight:
Height: 152.4mm Diameter: 76.2mm Weight: 396g
Power: 100-240v power supply
Smartphone:
Apple iPhone 4s iOS 8 or Android 4 or newer
Mobile Metaverse: The New Social Network Bondee Is Taking Over Asia
In just a few short weeks, the mobile application Bondee has managed to gather millions of users and become the number-one download in many countries across Southeast Asia. So what is this app that has teenagers across Asia begging their friends to add them?
Bondee is a hybrid of Sims and Telegram. Users can create their own avatars and virtual rooms, go to friends’ private rooms, and hang out with their avatars. In many ways, it looks like what the metaverses might look like: mobile-first, with avatars and social features. Bondee has the potential to revolutionize the way we communicate and socialize with each other.
Bondee’s success can be attributed to a number of factors. First, the app is very user-friendly and easy to navigate. Second, it is available in a variety of languages, which is crucial given the diverse population of Southeast Asia. And finally, it is extremely popular with teenagers, who are always looking for the latest and greatest social networking trends.
Bondees has managed to stand out in a very competitive industry by providing an innovative solution to the ever-growing problem of connecting people from different countries.
Of course, Bondee is far from the first project to follow this trend. The largest Roblox representative recently reported a 19% year-on-year increase in DAU to 59 million. Revenue increased sixfold in three years, reaching $2 billion or more. This illustrates just how popular the Roblox platform has become in such a short amount of time and serves as an example for other projects, like Bondee, that seek to capitalize on this trend.
Zepeto, a Korean project, has 20 million active monthly users, which is 100 times more than Zuckerberg’s in Horizon Worlds. Now the trends are being set by projects from Southeast Asia: in addition to Bondee, Singaporean Bud is growing well. This has come as a surprise to many analysts in the West, who are accustomed to dominating the market for new technology.
It will be interesting to see how Bondee develops over the next few months.
Meta’s metaverse platform Horizon Worlds failed to meet the expectations of luring and maintaining new users, leading to a 60% drop in the company’s stock price. User experience, navigation, and visuals fell short of expectations, and there is a mismatch between Meta’s focus on scalability and people’s desire for high-quality, immersive experiences. Meta researchers believe a number of factors contribute to the loss of users, including dissatisfaction with Horizon’s virtual worlds and difficulty finding other people to hang out with.
Roblox shares surged 25% following its Q4 financial results, resulting in an increase of $5 billion in its market valuation. The company achieved milestones by collaborating with famous musicians, such as Elton John, to host live concerts, and reported a 19% year-over-year increase in average daily active users (DAUs). Additionally, its players were more engaged with the games for a longer time, with the total number of engaged hours growing by 18% and 19%, respectively.
Inditex’s fast fashion brand Zara has released a metaverse-ready collection dedicated to Valentine’s Day, featuring nine avatars and 22 digital items. The items are available in IRL stores and on the South Korean metaverse platform Zepeto. Zara also released a set of digital accessories exclusively for the virtual world, such as a wallpaper style, floor, and photo booth. This is the fourth virtual fashion release launched in partnership with Zepeto, following in December 2023, April 2023, and September 2023.
Read more about Metaverse:
Fileless Malware On The Rise
Fileless Malware on the Rise
Therefore, the question arises, can you combat what you can’t catch? Well, you may be able to do that! You just need to know how.
What are Fileless Malware?Generally, anti-malware detects malware stored inside a hard drive. But fileless malware do not need any storage space, hence remain untraced by traditional defense systems. Additionally, fileless malware are resilient, hence more troublesome. Some examples of the malware are Phasebot(raw material to create virus for data theft), Poweliks(affects C&C server and invites other attacks) and Anthrax(affects files through computer memory).
The creators of ‘fileless’ malware have used PowerShell (a Microsoft tool) to execute memory focused attacks by using macros. Macros tell PowerShell to load malicious code in the computer’s memory. Macros, though used for automating tasks can be a medium for malware attacks in which malware can easily hide inside documents. They seem harmless and when opened ask to enable macros. As soon as macros are enabled, the malware hits the computer memory.
How Can You Stop Them?Fileless malware are old. Attackers used them in 90’s before Windows introduced Office XP (2001). But we still seem less equipped against the technique. The attacks may have made a comeback with the use of Dropbox and zipped file attachments, but, we can still stop them.
Here are some of the best practices that you must follow to evade fileless malware attacks.
Get the Best Protection System
Protect Your Email
Fileless malware use email attachments for spreading infection. Thus, ensure that you scan and strip your attachments and check link reputation. It can decrease the probability of attacks.
Disable Macros
Enable macros only if required. For example, you do not need macros in a word processor. You must install the latest MS Office version to prevent such attacks through word documents.
Employee Education
Security best practices cannot be implemented unless employees are educated enough. Tell your employees not to open suspicious emails and disable macros as far as possible.
Only healthy security practices combined with adequate defense tools can help stay secure against malware attacks in the long run. We hope that you follow these easy yet important steps to keep your system safe from Fileless Malware!
Next Read: What is a cyber-attack and how it affected us this year?
Quick Reaction:About the author
Tweak Library Team
Update the detailed information about Security Researcher Says New Malware Can Affect Your Bios; Communicate Over The Air on the Tai-facebook.edu.vn website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!