Hello, welcome to the Thursday, November 7th, 2019 edition of the Sansonet Storms, Stormcast. My name's

Johannes Ulrich, and I'm recording from Jacksonville, Florida. It seems like there isn't a week

where I don't cover some kind of story about how malicious software made it into the Google Play Store,

despite Google's best efforts to try to prevent this from happening.

These malicious apps are often discovered by endpoint security product providers, of course,

somewhat also advertising their goods.

Well, Google now actually recruited three of them, ESET, Lookout and Symparium to assist them

in helping them secure the Play Store.

The idea is that Google will take technology from these companies and integrated into

their Google Play Protect Detection System. That's the script they're running to filter out

malicious applications before they're being published. One of the big differentiators between Google's

Play Store and Apple's App Store is that Google

relies pretty much on sort of automated technology, not on an actual human reviewing the application.

So hopefully by adding these new companies to the mix, they will have a better chance of

reading out some of the bad actors.

And the SEN project released six advisories addressing vulnerabilities in its virtualization

platform. Nothing too super critical here. There are a couple

of privilege escalation vulnerabilities that could allow code that was running in a guest to actually

affect the host, a couple of denial of service vulnerabilities as well. So certainly something you should address if you are running Citrix for virtualization,

well it's Zen based, so you should refer to the corresponding Citrix patches.

And remember how WireShark recently dropped the old and outdated WinP-Cab library that's no longer

really maintained and replaced it with NPCAP?

...