ICYMI: Buffer overflow; AI crime-fighter; Banking Trojan; SS7 Flaws; PayPal Phishing
The latest In Case You Missed It (ICYMI) looks at Symantec vulnerability; AI crime-fighter; Banking under threat; Flaws in SS7; PayPal phishing scam
Tavis Ormandy at Google's Project Zero team has found a vulnerability in Symantec's Antivirus Engine. Run on Windows, the vulnerability results in instant blue-screening and kernel memory corruption. This buffer overflow occurs when parsing malformed portable-executable (PE) header files.
Ormandy adds, "On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability -- this is about as bad as it can possibly get." More
IBM plans to train its Watson artificial intelligence system to solve cyber-crimes, the tech giant announced. Big Blue will spend the next year working with eight US and Canadian universities to help the Watson AI learn how to detect potential cyber-threats.
The cognitive system will process large amounts of information and students will train up Watson by annotating and feeding the system security reports and data. More
Banking Trojans Android.SmsSpy.88.origin, which was first spotted in 2014, attacks Android users and despite seeming outdated, Doctor Web researchers say the popularity rating is still high and has been made more dangerous and capable of performing ransomware functions. .
“The Trojan is distributed under the guise of a benign application, for example, Adobe Flash Player. Once launched, the Trojan prompts the user to grant it administrator privileges. It then turns on the Wi-Fi module and checks every second whether a Wi-Fi or cellular connection has been established. If no connection is made, Android.SmsSpy.88.origin enables these communication channels once again,” Dr Web researchers said. The Trojan has affected users in more than 200 countries and at least 40,000 mobile devices. More
A vulnerability in the international communications standard Signaling System 7 (SS7) allows hackers to mimic users and intercept messages on mobile networks, rendering encryption useless in message services such as WhatsApp and Telegram, according to security researchers.
Positive Technologies found the flaw in the SS7 standard which defines how network elements exchange information over a signalling network. Researchers said the vulnerability could enable hackers to “send, intercept and alter SS7 messages by executing various attacks against mobile networks and their subscribers.” More
AppRiver researcher Troy Gill reports a new PayPal phishing scam is making the rounds using a phoney security message to obtain personally identifiable information.
Gill said the PayPal scam is casting a wide net to obtain sensitive data from as many people as possible. The supposed PayPal email informs the victim their account has been placed on a “limited” status with no activity allowed until certain information is confirmed. It has an HTML attachment that launches the recipient to a page where the personal data can be input, to include name, address, mother's maiden name, payment card information, Social Security number and phone number. More