Hello, welcome to the Wednesday, May 23rd, 2018 edition of the Santernut Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Reston, Virginia.

Xavier came across an interesting trick being used to get Excel files to execute code. Now, this can always be done with macros, but of course these

macros have to be approved by the user. The other trick that XIV came across this week

is Silk files. Now, Silk files, the extension is .slk, are essentially files used to exchange data between applications and

excel can read these files actually they're usually represented using sort of an excel like

icon on the screen when you open a file like this then it will ask you if it can update data

for a spreadsheet, which will then

trigger the code. In the example found by Xavier, the code being executed is a short

PowerShell script that will download Malware and then execute it. So double check that you are

blocking these files on your mail servers because one way

how your users would be exposed to these files is by receiving them as an email attachment

because the file type is a little bit unusual.

You may not be looking for it at this point and Anheim Malware may not consider it as malicious. And BMW released a firmer update for

some of its higher-end cars to address vulnerabilities found by Keene Security Lab. Kien

Security Lab did release a report with a lot of details about these attacks.

Some of these attacks can actually be executed remotely, either via Bluetooth or via the cellular

network.

So for the cellular attack, the car would have to connect to a malicious base station.

The vulnerabilities affect BMWs with an internet-connected infotainment system,

also known as head unit and telematics control unit. Now, one particular concern is that

this will then reach all the way to the ODB bus Sonet hacker who gains access to these systems via, for example, these wireless remote

means, would have full control over the car. Also, some of the diagnostic messages that are only

...