Hello, welcome to the Thursday, August 31st, 2017 edition of the Santernight Storm Center's

Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida.

Japanese security company NRI has released information regarding critical vulnerability in Conman.

Now, a Conman is short for Connection Manager,

and it is a network manager that you often find in small devices,

typically Internet of Things devices.

The vulnerable component is a DNS proxy and Conman 1.3 and earlier are vulnerable to a buffer overflow that can lead to remote code execution or of course to denial of service.

The one saving factor here is that in order to exploit the vulnerability, an attacker has to send DNS responses directly to the device, so responses aren't forwarded by recursive DNS servers.

But if an attacker can do that, they can take full control of the device.

And since it is actually a stack-based buffer overflow, it's not that hard to pull off.

So in particular, in a more targeted attack, if an attacker already has control over part of the network,

this may be sort of an interesting lateral movement into industrial

control devices.

Now a patch for this has been made public via Conman's Git repository, but of course you

may need to wait for your respective manufacturer to come up with updated firmware.

NRI has not released any proof of concept.

However, if you look at the patch, it's pretty straightforward to figure out where the problem actually lies.

And Trickbot, the latest banking malware, keeps evolving and as part of its bag of tricks it now added

the recording of credentials for Coinbase. Coinbase is a Bitcoin exchange that's quite

popular and we have seen this over the last few years in particular recently with the increase

in the price of Bitcoin, that Malware is going

more after Bitcoins directly. In addition to Coinbase, this latest version of Trickpot also goes

...