Sanjay Seth Blog
First-Ever Data Stealing Malware Found Using Intel AMT Tool to Bypass Firewall
It is not hard for a state-sponsored hacking group to break into corporate networks and plant malware on systems; the hard part is keeping that backdoor and its command-and-control traffic invisible to the firewall and other network monitoring tools.
However, a cyber-espionage group that has been actively targeting government organisations, defence institutes and telecommunication providers since at least 2009 has found a way to hide its malicious traffic from host-based protection mechanisms.
Fortinet uses an ASIC architecture which is free from this threat.
Check Point, Sophos and Cyberoam should explain.
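The practical consequence of the story above is that host-based controls are the wrong place to look for this traffic: Intel AMT is served by the Management Engine underneath the operating system, so a host firewall or endpoint agent never sees a session that rides on it, and the only place to catch it is on the network. The following is an added example, not code from the original post: it scans flow records for hosts reaching AMT's documented management ports. The port numbers are Intel's published AMT defaults; the flow records and the "authorised console" address are constructed for the example.

```python
# Added example (not from the original post): network-side detection of
# traffic to Intel AMT's management ports. AMT is handled by the Management
# Engine below the OS, so host firewalls and agents never see it; the wire
# is the only vantage point. Ports are the documented Intel AMT defaults;
# the flow records and the management-console address are constructed.
import ipaddress
from collections import defaultdict

# Documented Intel AMT listening ports.
AMT_PORTS = {
    16992: "AMT HTTP (WS-Management)",
    16993: "AMT HTTPS (WS-Management over TLS)",
    16994: "AMT redirection (SOL / IDE-R)",
    16995: "AMT redirection over TLS",
}

# Hypothetical: the only hosts that should ever talk to AMT in this network.
AUTHORISED_CONSOLES = {ipaddress.ip_address("10.0.0.5")}


def parse_flow(line):
    """Parse one constructed flow record of the form 'src,dst,proto,dport,bytes'."""
    src, dst, proto, dport, nbytes = line.strip().split(",")
    return {
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "proto": proto,
        "dport": int(dport),
        "bytes": int(nbytes),
    }


def find_amt_anomalies(flow_lines, authorised=AUTHORISED_CONSOLES):
    """Return one finding per (src, dst, port) where a host that is not an
    authorised console reached an AMT port over TCP. Bytes are summed per
    finding so a long-lived redirection session stands out from a probe."""
    totals = defaultdict(int)
    for line in flow_lines:
        if not line.strip() or line.startswith("#"):
            continue
        f = parse_flow(line)
        if f["proto"] != "tcp" or f["dport"] not in AMT_PORTS:
            continue
        if f["src"] in authorised:
            continue
        totals[(str(f["src"]), str(f["dst"]), f["dport"])] += f["bytes"]
    return [
        {"src": s, "dst": d, "dport": p, "service": AMT_PORTS[p], "bytes": b}
        for (s, d, p), b in sorted(totals.items())
    ]


# Constructed sample flows: a legitimate console check, ordinary web
# traffic, and a workstation holding a long redirection session with a peer.
SAMPLE_FLOWS = """\
# src,dst,proto,dport,bytes
10.0.0.5,10.0.1.20,tcp,16992,1200
10.0.1.20,93.184.216.34,tcp,443,52000
10.0.1.31,10.0.1.20,tcp,16994,4100
10.0.1.31,10.0.1.20,tcp,16994,187000
10.0.1.31,10.0.1.20,udp,16994,60
""".splitlines()

if __name__ == "__main__":
    for finding in find_amt_anomalies(SAMPLE_FLOWS):
        print(finding)
```

Run against real NetFlow or firewall logs, the same rule is worth pairing with an inventory check: any host that answers on these ports has AMT provisioned, whether or not anyone intended it.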
Do you watch movies with subtitles? Just last night, I wanted to watch a French movie, so I searched for English subtitles and downloaded them to my computer. Though that film was excellent, this morning new research from Check Point scared me. I was unaware that a little subtitle file could hand over full control of my computer to hackers while I was enjoying the movie. Yes, you heard that right.

A team of researchers at Check Point has discovered vulnerabilities in four of the most popular media player applications, which can be exploited by hackers to hijack "any type of device via vulnerabilities; whether it is a PC, a smart TV, or a mobile device" with malicious code inserted into subtitle files.

"We have now discovered malicious subtitles could be created and delivered to millions of devices automatically, bypassing security software and giving the attacker full control of the infected device and the data it holds," one of the researchers added.

The four vulnerable media players have together been downloaded more than 220 million times:
VLC - the popular VideoLAN media player
Kodi (XBMC) - open-source media software
Popcorn Time - software to watch movies and TV shows instantly
Stremio - video streaming app for videos, movies, TV series and TV channels

The vulnerabilities lie in the way these media players parse subtitle files, and successful exploitation could put hundreds of millions of users at risk. The player has to parse a subtitle file before it can display anything, so a malicious file handed to a vulnerable parser gives the attacker control of the computer or smart TV that played it, with no further action from the user.
More is coming.
Researchers have discovered a new attack, dubbed 'Cloak and Dagger', that works against all versions of Android up to 7.1.2. A Cloak and Dagger attack allows hackers to silently take full control of a device and steal private data, including keystrokes, chats, the device PIN, online account passwords, OTP passcodes and contacts.

What is interesting about the Cloak and Dagger attack? It does not exploit any vulnerability in the Android ecosystem; instead, it abuses a pair of legitimate app permissions that are widely used by popular applications to access certain features of an Android device. Researchers at the Georgia Institute of Technology discovered the attack and successfully performed it on 20 people, none of whom noticed any malicious activity.

Cloak and Dagger attacks rely on two basic Android permissions:
SYSTEM_ALERT_WINDOW ("draw on top")
BIND_ACCESSIBILITY_SERVICE ("a11y")

The first permission, known as "draw on top", is a legitimate overlay feature that lets an app draw its own windows over the device's screen, on top of other apps.
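Since the attack needs both permissions in one app, the quickest defensive check is to audit which installed apps hold "draw on top" and also declare or have enabled an accessibility service. The following is an added example, not code from the original post or from the Georgia Tech researchers: it parses output captured from adb ("dumpsys package <pkg>" and "settings get secure enabled_accessibility_services") and flags the combination. The sample text is constructed, and its exact layout is an assumption about what those commands print on a given Android build; the audit_device() helper that drives adb is for interactive use and is not exercised offline.

```python
# Added example (not from the original post or the Georgia Tech research):
# audit installed Android apps for the Cloak and Dagger permission pair
# using adb output. The sample dumpsys/settings text is constructed and its
# layout is an assumption about those commands' output on a given build.
import re
import subprocess

OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def parse_enabled_a11y(settings_value):
    """'pkg/service:pkg2/service2' (the enabled_accessibility_services
    setting) -> set of package names with an enabled accessibility service."""
    pkgs = set()
    for entry in settings_value.strip().split(":"):
        if "/" in entry:
            pkgs.add(entry.split("/", 1)[0])
    return pkgs


def holds_overlay(dumpsys_text):
    """True if SYSTEM_ALERT_WINDOW shows as granted in 'dumpsys package' output."""
    return re.search(re.escape(OVERLAY) + r": granted=true", dumpsys_text) is not None


def declares_a11y_service(dumpsys_text):
    """True if the package references BIND_ACCESSIBILITY_SERVICE at all,
    i.e. it ships a service the user could be talked into enabling."""
    return A11Y in dumpsys_text


def cloak_and_dagger_candidates(dumpsys_by_pkg, enabled_a11y_value):
    """Map package -> reason for every app holding 'draw on top' that also
    has an accessibility service enabled (active pair) or declared (latent)."""
    enabled = parse_enabled_a11y(enabled_a11y_value)
    findings = {}
    for pkg, text in sorted(dumpsys_by_pkg.items()):
        if not holds_overlay(text):
            continue
        if pkg in enabled:
            findings[pkg] = "overlay + accessibility service enabled"
        elif declares_a11y_service(text):
            findings[pkg] = "overlay + accessibility service declared (not enabled)"
    return findings


def audit_device():
    """Run the audit against the device attached via adb (interactive use only)."""
    def sh(*args):
        return subprocess.run(["adb", "shell", *args], capture_output=True,
                              text=True, check=True).stdout
    pkgs = [l.split(":", 1)[1].strip()
            for l in sh("pm", "list", "packages", "-3").splitlines()
            if l.startswith("package:")]
    dumps = {p: sh("dumpsys", "package", p) for p in pkgs}
    return cloak_and_dagger_candidates(
        dumps, sh("settings", "get", "secure", "enabled_accessibility_services"))


# Constructed sample output (layout assumed): one app with both, one with
# overlay and a dormant accessibility service, one with neither.
SAMPLE_DUMPSYS = {
    "com.example.keyboard": """\
Package [com.example.keyboard]:
    install permissions:
      android.permission.SYSTEM_ALERT_WINDOW: granted=true
    Service com.example.keyboard/.A11yService permission=android.permission.BIND_ACCESSIBILITY_SERVICE
""",
    "com.example.flashlight": """\
Package [com.example.flashlight]:
    install permissions:
      android.permission.SYSTEM_ALERT_WINDOW: granted=true
    Service com.example.flashlight/.HelperService permission=android.permission.BIND_ACCESSIBILITY_SERVICE
""",
    "com.example.notes": """\
Package [com.example.notes]:
    install permissions:
      android.permission.INTERNET: granted=true
""",
}
SAMPLE_A11Y = "com.example.keyboard/com.example.keyboard.A11yService"

if __name__ == "__main__":
    for pkg, why in cloak_and_dagger_candidates(SAMPLE_DUMPSYS, SAMPLE_A11Y).items():
        print(pkg, "-", why)
```

The "declared but not enabled" tier matters because the attack's whole trick is using the overlay to talk the user into flipping the accessibility switch; an app that already has the overlay and is waiting for that tap is the one to look at first.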