Security Alerts & News
by Tymoteusz A. Góral

History
#2178 This book reads you - using JavaScript
On a previous post about ePub parsers (This book reads you - exploiting services and readers that support the ePub book format), I mentioned using scripting capabilities in ePub to perform local attacks against users.

Apple just released a fix for one issue I reported last year in iBooks that allowed access to files on a users system when a book was opened. iBooks on El Capitan would open an ePub using the file:// origin, which would allow an attacker to access the users file system when they opened a book. (CVE-2017-2426)

To help demonstrate how this could be used to perform attacks against users, I added a WebSocket client to a book, so that all users who open the book will connect back to a WebSocket controller server that will feed them arbitrary instructions. The WebSocket client in the ePub will allow access as long as the user has the book open (expectation is that it could be open for a long time, if the user is provided with something worth reading).
Read more
#2179 Millions of websites affected by unpatched flaw in Microsoft IIS 6 web server
#2178 This book reads you - using JavaScript
#2177 Flatbed scanners used as relay point for controlling malware in air-gapped systems
#2176 Let’s Encrypt issues certs to ‘PayPal’ phishing sites: how to protect yourself
#2175 VMware patches critical virtual machine escape flaws
#2174 Skype users hit by ransomware through in-app malicious ads
#2173 One of the most prolific botnets is back - and now it's being used for stockmarket scams
#2172 Unskilled group behind many junk ransomware strains
#2171 New IIS 6.0 0day exploited in live attacks since July 2016
#2170 Russian hacker pleads guilty in global botnet case
#2169 About 90% of Smart TVs vulnerable to remote hacking via rogue TV signals
#2168 Someone is putting lots of work into hacking Github developers
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12