Researchers at Check Point, an information security company, have discovered a new way for hackers to gain access to your devices – movie subtitle files.
This particular attack uses popular media player software including VLC and Popcorn Time. It is estimated that hundreds of millions of users worldwide may be at risk from this type of attack.
By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years.
Users are encouraged to download and apply the relevant updates for the media players listed above and to also check for updates for any other media/streaming software not listed above.
Source: Check Point
REDDIT, The Internet – If you’re interested in “MalwareTech,” the handle of the guy who helped stop the recent WannaCry ransomware attack, head on over to his reddit “Ask Me Anything” (AMA) session.
Over the years, reddit’s AMAs have seen several politicians, movie stars, athletes, authors, and a variety of other interesting people answer questions from members of the popular social site.
Past popular AMAs include:
Neil deGrasse Tyson
“Organizations who continue to run Windows XP, software which cannot adequately detect and protect your information assets, and obsolete software, will make your systems easy targets for hackers and cyber criminals, as these systems will be hardest hit as the level of vulnerabilities and exploits are high and easily available.” This is an extract from the Cyber Security Predictions for 2015 written by Deon Olton, ICT/Cyber Security Consultant with the Caribbean Cyber Security Center.
Cyber security consultants at the Caribbean Cyber Security Center predicted this level of cyberattacks two years ago based on the threat intelligence available in 2015. Furthermore, we stated that malware and special variants like ransomware will be on the rise across the globe in 2016 and beyond; hence the recent news comes as no surprise.
Almost 72 hours have passed since the WannaCry ransomware attacked computers and networks across the globe. Here’s a recap:
Starting Friday (May 12), hundreds of thousands of computers across 150 countries were hit. Organizations affected include the UK’s National Health Service (NHS), FedEx, Telefonica and Renault. The software infected computer files and demanded a ransom of several hundred dollars payable in Bitcoin.
WannaCry was delivered via a vulnerability discovered in recent Windows Operating Systems, but which was patched back in March 2015.