[Figure: A screenshot showing the exploit taking control of a Samsung TV.]

A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them.

The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.

"Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways," Rafael Scheel, the security consultant who publicly demonstrated the attack, told Ars. "Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV's camera and microphone."


libplist 'parse_string_node()' Function Local Denial of Service Vulnerability
libplist 'base64encode()' Function Local Denial of Service Vulnerability
Splunk Enterprise HTML Injection and Information Disclosure Vulnerabilities

I'm involved in a project to deploy a SIEM (Security Information and Event Management) / SOC (Security Operations Center) for a customer. The current approach is to outsource the services to an external company, also called an MSSP (Managed Security Services Provider). We had an interesting chat about the pros and cons of having an internal or an external SOC. The main arguments from the company are:

  • We don't have experience on board and we would have to hire people. And keep them on board!
  • We don't know how to deploy the SIEM / SOC
  • We have a limited budget (which is the 1st argument for many organizations)

Often, if not always, the deployment of a SIEM is part of a long list of compliance requirements (from the business or from the group the company belongs to).

Here is a small recap of the points we discussed:

Internal SOC

Pro:
  • Good knowledge of the business
  • Tailored to your own requirements
  • All data are stored and processed internally
  • Easier correlation of events between the departments

Con:
  • Costs to deploy and maintain
  • Difficulty to hire talented people
  • Risk of conflict of interest between departments
  • Long-term ROI

External SOC (MSSP)

Pro:
  • Costs (it's a new service contract - OPEX)
  • Benefit from trends and detections observed on other customers
  • Access to more threat intelligence
  • No conflict of interest with the other departments (external advice and reporting)
  • Scalability and flexibility

Con:
  • There is a clear lack of knowledge of the business
  • Lack of communication
  • Difficulties keeping the SIEM in sync with the infrastructure
  • Services are provided based on levels (e.g. gold / silver / bronze)
  • Lack of people dedicated to YOUR environment
  • Data stored and processed outside your perimeter
  • Lack of customization

And you? What is your point of view? Feel free to share.

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Pitivi CVE-2015-0855 Arbitrary Code Execution Vulnerability
Nextcloud CVE-2016-9464 Unauthorized Access Vulnerability
ownCloud and Nextcloud CVE-2016-9462 Security Bypass Vulnerability
ownCloud and Nextcloud CVE-2016-9459 HTML Injection Vulnerability
Multiple VMware Products CVE-2017-4902 Local Heap-Based Buffer Overflow Vulnerability
Multiple VMware Products CVE-2017-4904 Local Memory Corruption Vulnerability
Multiple VMware Products CVE-2017-4905 Local Information Disclosure Vulnerability
GNU Binutils CVE-2017-7224 Remote Denial of Service Vulnerability
IBM Cognos Analytics CVE-2016-3015 Cross Site Scripting Vulnerability
Linux Kernel CVE-2016-2384 Local Denial of Service Vulnerability
Google Android CVE-2016-8399 Remote Privilege Escalation Vulnerability
[security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
Pixie CVE-2017-7361 Cross Site Scripting Vulnerability
IBM TRIRIGA Application Platform CVE-2017-1180 Unspecified Remote Privilege Escalation Vulnerability
Exponent CMS CVE-2016-9020 SQL Injection Vulnerability
GNU Binutils CVE-2017-7225 Remote Denial of Service Vulnerability
Dahua IP Camera CVE-2017-7253 Privilege Escalation and Information Disclosure Vulnerabilities
MikroTik RouterBoard CVE-2017-7285 Remote Denial of Service Vulnerability
Pixie CVE-2017-7363 Cross Site Scripting Vulnerability
NetIQ Sentinel CVE-2017-5185 Denial of Service Vulnerability
Linux Kernel CVE-2017-2647 Null Pointer Dereference Local Privilege Escalation Vulnerability
Linux Kernel CVE-2017-7346 Local Denial of Service Vulnerability
Wonderware InTouch Access Anywhere Multiple Security Vulnerabilities
Multiple eMLi Products CVE-2017-7258 Directory Traversal Vulnerability
Multiple Schneider Electric Modicon Products Weak Cryptography Multiple Security Weaknesses
MantisBT CVE-2017-7241 Cross Site Scripting Vulnerability
Linux Kernel CVE-2017-7294 Local Denial of Service Vulnerability
WebKit Memory Corruption and Information Disclosure Vulnerabilities
MantisBT CVE-2017-6973 Cross Site Scripting Vulnerability
MantisBT CVE-2017-7309 Cross Site Scripting Vulnerability
LibTIFF CVE-2016-10268 Heap Based Buffer Overflow Vulnerability