Last Updated: 2017-07-22 00:19:55 UTC
by Renato Marinho (Version: 1)
Black Hat US 2017 is debuting and with it a potential concern to most of us. It turns out that one of the conference presentations, entitled BROADPWN: REMOTELY COMPROMISING ANDROID AND IOS VIA A BUG IN BROADCOM’S WI-FI CHIPSETS , will detail how Broadcom BCM43xx Wi-Fi chipsets can be exploited to achieve full code execution on the compromised device without user interaction.
“An attacker within range may be able to execute arbitrary code on the Wi-Fi chip”, says Apple about this vulnerability (CVE-2017–9417) in its latest security bulletin . Google published the patch to fix the vulnerability on Android early this month .
Besides Apple, those chipsets are present on most smartphone devices like HTC, LG, Nexus and most Samsumg models as well. Make sure to have this vulnerability fixed in all your devices?—?especially if you are planning to be in Las Vegas next week.
Last Updated: 2017-07-21 22:23:02 UTC
by Didier Stevens (Version: 1)
We've been informed of recent malware campaigns that deliver .iso attachments (.iso files are CD/DVD images). These .iso files contain a malicious executable.
Since Windows 8, Windows will automatically mount .iso files when they are opened. Like this, these .iso files are like .zip files with malware.
Here is an example of an email with .iso attachment:
This email file can be analyzed with emldump:
Part 5 contains the attached .iso file (Quotation-0568.iso), and can be extracted like this:
The executable can be extracted like this:
It is indeed a PE file: