Week in review: Hacking through subtitles, new class of attacks against Android

Here’s an overview of some of last week’s most interesting news and articles:

How to build a better SOC team
There’s no scarcity of discussion around the reasons for the infosec skills shortage or ideas for how we can narrow the gap. Few discussions, however, take an honest look at the contrasting career paths of veteran security pros and the junior security specialists of today – and how that contrast is only compounding challenges.

One third of executives have blockchain on their mind
In a study among C-Suite executives seeking their perspective on blockchain, one third of almost 3,000 executives surveyed are using or considering blockchain in their business.

New class of attacks affects all Android versions
The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app, and silent phone unlocking + arbitrary actions.

Hackers can use subtitles to take over millions of devices running VLC, Kodi, Popcorn Time and Stremio
By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can potentially take complete control of any device running the vulnerable platforms.

Protecting your cloud from ransomware
Ransomware doesn’t have to be terribly complex stuff. To be effective, it just needs access. By paying attention to the different pieces of the cloud stack and addressing their unique security needs with these preparations, your environment will be far more resistant to ransomware threats

More links between WannaCry and Lazarus group revealed
Symantec researchers have found more links between WannaCry ransomworm and Lazarus, the hacking group believed to be behind the 2014 attack on Sony Pictures and the 2016 Bangladesh Central Bank heist.

Critical Samba code execution hole plugged, patch ASAP!
The developers of Samba have plugged a critical remote code execution flaw that could allow a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Samsung Galaxy S8 iris scanner can be fooled with a printed photo
After demonstrating how easily Apple’s Touch ID can be fooled with a user fingerprint photographed from a glass surface, Chaos Computer Club (CCC) hacker “Starbug” has proven that the iris recognition system in Samsung’s Galaxy S8 smartphone can be fooled by using a printed photo of the user’s eye(s).

How to secure your digital transformation
For organizations that are under-going a digital transformation of their business, there are three critical success factors that CSOs /CISOs need to consider.

1Password Travel Mode protects passwords from border agents
The idea is that border agents may have the right to search the information on your devices, but not to access information stored in an online account.

Despite tremendous growth, most IoT projects fail
60 percent of IoT initiatives stall at the Proof of Concept (PoC) stage and only 26 percent of companies have had an IoT initiative that they considered a complete success.

SCADA systems plagued by insecure development and slow patching
SCADA systems are at the core of water treatment plants, gas pipelines, electrical power distribution systems, wind farms, expansive communication systems, and even civil defense sirens. Therefore, attacks on SCADA systems have the potential to impact a wide range of systems and numerous pieces of critical infrastructure.

Breaking TLS: Good or bad for security?
As the use of TLS by malware and phishing increases, some security practitioners are seeking solutions to break TLS so they can monitor all traffic in and out of their network.

Guidance for connected vehicle security: Attack vectors and impacts
The Cloud Security Alliance (CSA) released its first ever research and guidance report on connected vehicle security.

As GDPR deadline looms, time for compliance is running out
Most organizations struggle with identifying and locating where all customer data is stored. 15 percent of German organizations admitted they don’t know where all customer data is stored, both on-premise and offsite.

Beware the coffee shop: Mobile security threats lurk around every corner
40 percent of organizations believe that C-level executives, including the CEO, are most at risk of being hacked when working outside of the office.

Software security assurance: Everybody’s invited
As more and more things in this world of ours run on software, software security assurance – i.e. confidence that software is free from vulnerabilities (either intentional or not) and functions as intended – is becoming more important than ever.

New infosec products of the week​: May 26, 2017
A rundown of infosec products released last week.

More about

Don't miss