InfoSec Week 21, 2017

Posted on 29 May 2017

Check Point researchers revealed a new attack vector using malicious subtitle files, which, when downloaded by a victim’s media player, can provide complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io.
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/

Check Point also discovered auto-clicking adware in 41 apps on the Google Play Store. It silently sends "clicks" to advertisements pushed by the remote C&C server.
http://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/

WannaCry support staff decrypted files for free because their "Taiwanese campaign seems to be a total failure" and they have "overestimated income of the population". How generous.
https://twitter.com/fztalks/status/864852163230609408
http://www.taiwannews.com.tw/en/news/3161826

Cloak & Dagger is a new class of potential attacks affecting Android devices. It's basically an attack vector based on two Android permissions (SYSTEM_ALERT_WINDOW, BIND_ACCESSIBILITY_SERVICE) that are allowed by default, and a malicious app can use them to do bad stuff.
http://cloak-and-dagger.org/

Interesting security evaluation "of the Implantable Cardiac Device Ecosystem Architecture" by WhiteScope. Basically, these devices are neither authenticated nor encrypted and can be programmed by anyone competent.
http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html

Crypto guys published a paper breaking the encryption scheme published 3 days earlier. Should have emailed them instead...
https://eprint.iacr.org/2017/471
https://eprint.iacr.org/2017/458

Vulnerability researcher Tavis Ormandy has ported Windows Defender to Linux :)
"This repository contains a library that allows native Linux programs to load and call functions from a Windows DLL."
https://github.com/taviso/loadlibrary

