ISC StormCast for Wednesday, January 4th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 3 January 2017
⏱️ 5 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Wednesday, January 4th, 2017 edition of the Sands and Storms anders Stormcast. My name is Johannes Ulrich, |
| 0:08.9 | and the I'm recording from Jacksonville, Florida. Just before Christmas, we had a story about LG TVs, |
| 0:15.9 | apparently getting affected by ransomware. Well, in this case, it was a certain type of TV that actually ran |
| 0:24.2 | Android and these TVs were infected by the same ransomware as all other Android devices |
| 0:32.6 | if you install a malicious app. In this particular case, the owner installed an app that promised free |
| 0:39.9 | videos. Now, the problem with these TVs is that there are no published factory reset instructions. |
| 0:48.6 | So essentially, you're stuck with this TV. The only thing it will display after the ransomware runs is a fake FBI notice, essentially |
| 0:58.0 | asking you to pay a ransom to have your TV unlocked, which actually in the case of a TV isn't actually all that easy to do. |
| 1:06.0 | A user affected by this contacted LG and initially got a rather expensive repair estimate, |
| 1:13.2 | but eventually LG went ahead and now published the factory reset instructions for this TV. |
| 1:22.2 | In case this ever happens to you or one of your relatives' friends, I'll link to a video showing these instructions in the |
| 1:32.4 | show notes. And then we got an update for LipPNG. Now, this is one of the basic graphic libraries |
| 1:40.2 | for Linux as the name implies it's used for PNG images and the vulnerability is |
| 1:47.0 | triggered by first adding a text structure to an image removing it and then adding another |
| 1:53.1 | one now as the note about the bug explains this is rather unlikely to happen but as I |
| 1:59.9 | say it has happened not clear if this |
| 2:03.1 | was actually exploited as part of an attack or if just someone ran into this vulnerability while |
| 2:10.3 | writing some png related code updated versions of this library should already be available for all common Linux distributions, |
| 2:20.3 | so apply the patch as soon as you get to it. |
| 2:24.3 | And then we have yet another vulnerability related to security software intercepting SSL traffic. |
| 2:31.3 | Now, this has become more and more standard that personal security software that |
| 2:36.2 | you install on your system does intercepts SL traffic. It does this by installing a trusted |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.