Avast Senior Malware Analyst, Jaromir Horejsi, explains the tech terms from Mr. Robot's eps2.2_init1.asec
Athletes aren’t the only ones training for the Olympics; cybercriminals are also stepping up their game! Avast explains which threats you should watch out for!
If you couldn't wrap your head around the latest episode, eps2.1_k3rnel-pan1c.ksd, of Mr. Robot, don't panic -- Avast explains the technical terms.
The two-part premiere of season two of Mr. Robot did not disappoint! The episodes focused more on the current state of the main characters than on hacking and a lot has changed since season one.
Mr. Robot is coming back to USA Network on Wednesday, July 13th at 9/10 pm Central (tonight!) for its second season and I cannot wait (especially since I missed Sunday's sneak preview)! Season one was full of complex hacks that were, for the most part, accurately portrayed. By speaking to various Avast experts, I learned a lot about the hacks on the show last summer and how they could affect consumers like you and me.
Here’s a recap of what we learned from the hacks in season one of Mr. Robot:
Season one of last summer’s hit new TV show, Mr. Robot, was filled with interesting and, for the most part, accurately portrayed hacks. The hacks were carried out by the show’s main character Elliot and hacker group fsociety. Their goal throughout the season was to take down the multi-national conglomerate, E Corp.
Although the hacks on the show were rather complex and to a certain extent elaborate, there are a few things SMBs can learn from them.
The 2016 U.S. presidential primaries are well under way and the candidates are a hot topic in the media, on social media and in real-life discussions. With all the buzz, I was curious to see how Android app developers are taking advantage of the candidates’ popularity and what permissions the apps request. So with this mission in mind, I started downloading and testing these apps.
Avoid having your online accounts hacked like Mark Zuckerberg’s by managing your passwords correctly.
The recent news of celebrity social media accounts, including Mark Zuckerberg’s, being hacked should be seen as an important reminder of how valuable passwords are. Who knows if the cybercriminals that hacked the accounts just tweeted strange things or if they went a step further and read the celebrities’ direct messages or more.
Most people create easy passwords like these and never change them
What’s the deal with these “you won something” texts?
I recently received a text message saying an iPhone 6s is waiting for me. I normally delete these messages, but this time I was curious… I have been considering upgrading from my iPhone 5 for a while now :). So, I decided to consult with my friend, Avast senior malware analyst Jan Sirmer and see what would happen if I believed the text.
How did they get my number?
The first question I had about this was: How did they get my number? “A computer probably sent it to you,” said Jan. How did a computer get my number? “There are programs that allow computers to send text messages to a bunch of numbers at once. They probably use the same area code and the rest of the digits in the number are generated by the program.”
Last week, Talos discovered multiple vulnerabilities in 7-Zip, a popular, open source file archiver. The vulnerabilities are particularly severe as many products, including antivirus software, implement 7-Zip in their software. When vulnerabilities are found, it is the responsibility of software owners to patch them. However, these patches are useless unless users update their software.
Avast is not affected by these vulnerabilities, but if you are a non-Avast user we recommend you update your antivirus software, if you haven’t done so already.
About the vulnerabilities
The two vulnerabilities found are CVE-2016-2335 and CVE-2016-2334. The first vulnerability is an out-of-bounds read vulnerability, which exists due to how 7-Zip handles Universal Disk Format (UDF) files and could allow attackers to remotely execute code.
The second vulnerability is an exploitable heap overflow vulnerability, found in the functionality of the Archive::NHfs::CHandler::ExtractZlibFile method. In the HFS+ file system, files, depending on their size, can be split into blocks. There is no check to see if the size of the block is bigger than the size of the buffer, so a malformed block size that exceeds the buffer size will cause a buffer overflow and heap corruption.
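The kind of bounds check described as missing above, shown in an added example that is not 7-Zip's code and not from the original post: a simplified block reader that validates each declared block size against the fixed heap buffer before copying. The record layout, `BLOCK_BUF_SIZE`, `extract_blocks` and the sample byte arrays are all assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_BUF_SIZE 8u  /* constructed value, small so the samples stay short */

/* Constructed samples: each record is [u32 little-endian block size][block bytes]. */
static const uint8_t SAMPLE_OK[]  = {3,0,0,0,'a','b','c', 2,0,0,0,'d','e'};
static const uint8_t SAMPLE_BIG[] = {9,0,0,0,'a','b','c','d','e','f','g','h','i'};
static const uint8_t SAMPLE_CUT[] = {5,0,0,0,'a','b'};

/* Returns the total number of bytes extracted, or -1 if any block is malformed. */
long extract_blocks(const uint8_t *data, size_t len) {
    uint8_t *buf = malloc(BLOCK_BUF_SIZE);  /* fixed-size heap buffer, one block at a time */
    size_t pos = 0;
    long total = 0;
    if (buf == NULL) return -1;
    while (pos < len) {
        if (len - pos < 4) { total = -1; break; }      /* truncated size field */
        uint32_t size = (uint32_t)data[pos] | (uint32_t)data[pos + 1] << 8 |
                        (uint32_t)data[pos + 2] << 16 | (uint32_t)data[pos + 3] << 24;
        pos += 4;
        /* The check the text describes as missing: declared block size vs. buffer size.
           Without it, the memcpy below would write past the end of buf. */
        if (size > BLOCK_BUF_SIZE) { total = -1; break; }
        /* The declared size must also fit in the remaining input (no over-read). */
        if (size > len - pos) { total = -1; break; }
        memcpy(buf, data + pos, size);                 /* safe: size <= BLOCK_BUF_SIZE */
        pos += size;
        total += (long)size;
    }
    free(buf);
    return total;
}

int main(void) {
    printf("ok=%ld oversized=%ld truncated=%ld\n",
           extract_blocks(SAMPLE_OK, sizeof SAMPLE_OK),
           extract_blocks(SAMPLE_BIG, sizeof SAMPLE_BIG),
           extract_blocks(SAMPLE_CUT, sizeof SAMPLE_CUT));
    return 0;
}
```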
What you should do
As mentioned above, it is up to software publishers to provide their users with vulnerability fixes, but these are futile if users don’t take action and update their software. It is vital that you update all software, including your operating system, on a regular basis.