SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Tuesday, August 15th 2017

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 15 August 2017

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SPAM vs. Malware; Android Intra-Library Collusion; SonicSpy

Transcript

0:00.0

Hello, welcome to the Tuesday, August 15th, 2017 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and I'm recording from Jacksonville, Florida.

0:12.4

Quite often you may have asked yourself why anti-malware software isn't better in sort of identifying these generic obfuscation techniques that we often see with

0:24.1

malware. Well, today we have a nice diary with an example why that doesn't work. In this particular

0:31.1

case, the email that arrived though was malicious looking. It did use a lot of the tricks that we see in malware and the landing

0:40.7

page that you went to when you clicked on the link. Well, it also used heavily obfuscated

0:46.4

JavaScript, but in the end, it just ended up to be spam. Now, you may consider this type of spam malicious as well, but by most

0:58.0

definitions, there is a difference between spam and malware. And malware engines try to not sort

1:06.3

of overstep their bounds in order to avoid being blamed for false positives. And we definitely had

1:13.4

plenty of them in the past as well. So interesting example, how not all obfuscated JavaScript

1:20.5

is outright malicious. In this case also we have again one of these new top level domains.

1:26.8

I think it was dot world showing yet again

1:29.8

that there's probably little need to resolve these domains and you may actually gain some

1:36.4

spam filter in this case or maybe even block the occasional piece of malware if you don't

1:43.0

resolve these new top-level domains.

1:46.4

And researchers at the University of Oxford have come up with an interesting new technique,

1:52.9

how malware could sneak its way into additional privileges on Android. Now, the paper really talks about Android, but the authors mention that

2:04.0

in principle the same technique is also possible on iOS. Essentially, what they're talking about

2:10.4

is that multiple applications on a phone will share common libraries. That's very common practice.

2:18.3

The particular library is only installed once and then shared between different applications.

2:23.3

But both the Android and the iOS permission systems do not clearly differentiate between

2:31.3

permissions assigned to an application and a library.

2:35.0

So what happens is that a library that's used by multiple applications does gain the privileges

...
